ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣPersonal,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\My Documents,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\My Documents,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCommon Documents,ԭǣREG_SZ,ֵǣC:\Documents and Settings\All Users\Documents,ǣREG_SZ,ֵǣC:\Documents and Settings\All Users\Documents,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣDesktop,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version\trial,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version\trial,ǣdate1,ǣREG_SZ,ֵǣ2009-9-23,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCommon Desktop,ԭǣREG_SZ,ֵǣC:\Documents and Settings\All Users\,ǣREG_SZ,ֵǣC:\Documents and Settings\All Users\,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCache,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCookies,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache,ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ǣREG_SZ,ֵǣGlobal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCache,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCookies,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version\trial,ǣdate1,ԭǣREG_SZ,ֵǣ2009-9-23,ǣREG_SZ,ֵǣ2009-9-23,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ600,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_EXPAND_SZ,ֵǣ%SystemRoot%\system32\mmc.exe "%1" %*,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣregedit.exe "%1",ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣEventMessageFile,ԭǣREG_EXPAND_SZ,ֵǣc:\windows\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryMessageFile,ԭǣREG_EXPAND_SZ,ֵǣc:\windows\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryCount,ԭǣREG_DWORD,ֵǣ0x10,ǣREG_DWORD,ֵǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣTypesSupported,ԭǣREG_DWORD,ֵǣ0x7,ǣREG_DWORD,ֵǣ0x7,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣPersonal,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\My Documents,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\My Documents,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCommon Documents,ԭǣREG_SZ,ֵǣC:\Documents and Settings\All Users\Documents,ǣREG_SZ,ֵǣC:\Documents and Settings\All Users\Documents,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣDesktop,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCommon Desktop,ԭǣREG_SZ,ֵǣC:\Documents and Settings\All Users\,ǣREG_SZ,ֵǣC:\Documents and Settings\All Users\,ɹ־ǣɹ
½עPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache,ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ǣREG_SZ,ֵǣsvchost,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1900,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1880,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCache,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCookies,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ɹ־ǣɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ1936,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version\trial,ǣdate1,ԭǣREG_SZ,ֵǣ2009-9-23,ǣREG_SZ,ֵǣ2009-9-23,ɹ־ǣɹ
ֵעPIDǣ1888,·ǣC:\WINDOWS\system32\ping.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣEventMessageFile,ԭǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryMessageFile,ԭǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryCount,ԭǣREG_DWORD,ֵǣ0x10,ǣREG_DWORD,ֵǣ0x10,ɹ־ǣɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣTypesSupported,ԭǣREG_DWORD,ֵǣ0x7,ǣREG_DWORD,ֵǣ0x7,ɹ־ǣɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣPersonal,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\My Documents,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\My Documents,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCommon Documents,ԭǣREG_SZ,ֵǣC:\Documents and Settings\All Users\Documents,ǣREG_SZ,ֵǣC:\Documents and Settings\All Users\Documents,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣDesktop,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCommon Desktop,ԭǣREG_SZ,ֵǣC:\Documents and Settings\All Users\,ǣREG_SZ,ֵǣC:\Documents and Settings\All Users\,ɹ־ǣɹ
½עPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache,ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ǣREG_SZ,ֵǣsystem,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCache,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCookies,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ540,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ576,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCache,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCookies,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ɹ־ǣɹ
ֵעPIDǣ596,·ǣC:\WINDOWS\system32\ping.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version\trial,ǣdate1,ԭǣREG_SZ,ֵǣ2009-9-23,ǣREG_SZ,ֵǣ2009-9-23,ɹ־ǣɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version\trial,ǣdate1,ԭǣREG_SZ,ֵǣ2009-9-23,ǣREG_SZ,ֵǣ2009-9-23,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣEventMessageFile,ԭǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryMessageFile,ԭǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryCount,ԭǣREG_DWORD,ֵǣ0x10,ǣREG_DWORD,ֵǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣTypesSupported,ԭǣREG_DWORD,ֵǣ0x7,ǣREG_DWORD,ֵǣ0x7,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ1240,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCache,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCookies,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣEventMessageFile,ԭǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryMessageFile,ԭǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryCount,ԭǣREG_DWORD,ֵǣ0x10,ǣREG_DWORD,ֵǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣTypesSupported,ԭǣREG_DWORD,ֵǣ0x7,ǣREG_DWORD,ֵǣ0x7,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1296,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1356,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1288,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version\trial,ǣdate1,ԭǣREG_SZ,ֵǣ2009-9-23,ǣREG_SZ,ֵǣ2009-9-23,ɹ־ǣɹ
ֵעPIDǣ1460,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCache,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCookies,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ɹ־ǣɹ
ֵעPIDǣ296,·ǣC:\WINDOWS\system32\ping.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1760,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ǣShowSuperHidden,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x0,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden,ǣValueName,ԭǣREG_SZ,ֵǣShowSuperHidden,ǣREG_SZ,ֵǣShowSuperHiden,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ1864,·ǣC:\WINDOWS\system32\ping.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version\trial,ǣdate1,ԭǣREG_SZ,ֵǣ2009-9-23,ǣREG_SZ,ֵǣ2009-9-23,ɹ־ǣɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣEventMessageFile,ԭǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryMessageFile,ԭǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryCount,ԭǣREG_DWORD,ֵǣ0x10,ǣREG_DWORD,ֵǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣTypesSupported,ԭǣREG_DWORD,ֵǣ0x7,ǣREG_DWORD,ֵǣ0x7,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden,ǣValueName,ԭǣREG_SZ,ֵǣShowSuperHiden,ǣREG_SZ,ֵǣShowSuperHiden,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ǣShowSuperHidden,ԭǣREG_DWORD,ֵǣ0x0,ǣREG_DWORD,ֵǣ0x0,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ2008,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ852,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ304,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ368,·ǣC:\WINDOWS\system32\ping.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ǣShowSuperHidden,ԭǣREG_DWORD,ֵǣ0x0,ǣREG_DWORD,ֵǣ0x0,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ǣShowSuperHidden,ԭǣREG_DWORD,ֵǣ0x0,ǣREG_DWORD,ֵǣ0x0,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ǣShowSuperHidden,ԭǣREG_DWORD,ֵǣ0x0,ǣREG_DWORD,ֵǣ0x0,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ǣShowSuperHidden,ԭǣREG_DWORD,ֵǣ0x0,ǣREG_DWORD,ֵǣ0x0,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
