Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:

2026-04-01 21:34 - 2025-12-30 22:57 - 000000000 ____D C:\Program Files (x86)\360
2026-03-30 10:35 - 2025-12-31 13:01 - 000000000 __SHD C:\$360Section
2026-03-30 10:35 - 2025-12-30 22:59 - 000000000 ____D C:\ProgramData\360Quarant
2026-03-28 19:35 - 2025-12-30 23:26 - 000000000 ____D C:\Users\User\AppData\LocalLow\360MenuMgr

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [4282]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk:74809202C5 [4282]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk:F9B57EE960 [4282]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [4282]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk:E033AD74A8 [4282]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk:65270D1A26 [4282]
HKLM-x32\...\Run: [Genshin Impact_launcher__1_1] => C:\Program Files\Genshin Impact\updateProgram\Update.exe (No File)
HKU\S-1-5-21-1842684411-639426636-3768092204-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (No File)
HKU\S-1-5-21-1842684411-639426636-3768092204-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Martin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
Task: {D87313BF-78CC-465E-9627-B26582B90B8B} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-1842684411-639426636-3768092204-1001 => C:\Users\User\AppData\Local\Programs\Messenger\MessengerHelper.exe  --lassie (No File)


StartRegedit:
Windows Registry Editor Version 5.00
    
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableLUA"=dword:00000001

EndRegedit:

Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON

EmptyTemp:
End::