content copied
content
Start::
CreateRestorePoint:
CloseProcesses:
2026-03-30 06:18 - 2026-03-30 06:18 - 000255400 _____ (360.cn) C:\ProgramData\StreamA32.exe
2026-03-29 09:37 - 2026-03-30 13:16 - 000000000 ____D C:\ProgramData\MgrMaintain
2026-03-29 09:37 - 2026-03-29 09:37 - 000000000 ____D C:\Users\TG02-007\AppData\Roaming\MgrMaintain
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]
2026-03-29 09:37 - 2026-03-30 08:34 - 000000000 ____D C:\Users\TG02-007\AppData\Roaming\Fofezayu
2026-03-29 09:37 - 2026-03-30 08:34 - 000000000 ____D C:\Users\TG02-007\gw.exe
2026-03-29 09:36 - 2026-03-29 09:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2026-03-29 09:32 - 2026-03-29 09:32 - 000000000 ____D C:\Users\TG02-007\AppData\Roaming\RenPy
2024-08-19 19:10 - 2024-12-03 15:31 - 000000000 _____ () C:\ProgramData\sldh.dat
2022-09-04 12:51 - 2022-09-04 12:51 - 000000024 _____ () C:\Users\TG02-007\AppData\Roaming\Microsoft\Update.txt
2024-12-09 09:59 - 2024-12-09 09:59 - 000000048 ____R () C:\Users\TG02-007\AppData\Local\6E5DB14CBCBF1802671DBC4CF4A16DE7
2025-11-15 05:56 - 2025-11-15 05:56 - 000000048 ____R () C:\Users\TG02-007\AppData\Local\7CFC0A8D2AB49DD279CC580FDB000897
2024-02-02 17:36 - 2024-02-02 17:36 - 000006366 ____H () C:\Users\TG02-007\AppData\Local\91477623837
2024-01-09 05:01 - 2024-01-09 05:01 - 000005374 ____H () C:\Users\TG02-007\AppData\Local\91887170374
2024-01-06 13:30 - 2024-01-06 13:30 - 000005534 ____H () C:\Users\TG02-007\AppData\Local\92056688834
C:\ProgramData\MgrMaintain
C:\ProgramData\Lupa
2026-03-27 07:43 - 2026-03-27 07:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-01-05 13:36 - 2024-01-06 00:10 - 000005350 ____H () C:\Users\TG02-007\AppData\Local\91547068486
TeamViewer (HKLM\...\TeamViewer) (Version: 15.51.6 - TeamViewer)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKLM-x32\...\Run: [STOVE] => C:\ProgramData\Smilegate\STOVE\STOVE.exe (No File)
HKU\S-1-5-19\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe (No File)
HKU\S-1-5-19\...\RunOnce: [OMENCC_InstallationBooster] => C:\system.sav\util\OMENCC_InstallationBooster.exe (No File)
HKU\S-1-5-20\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe (No File)
HKU\S-1-5-20\...\RunOnce: [OMENCC_InstallationBooster] => C:\system.sav\util\OMENCC_InstallationBooster.exe (No File)
HKU\S-1-5-21-3061952332-3695074-208723314-1001\...\Run: [AF_uuid_514912] => ad9face8-89c5-4908-90f5-7ef275380aa0** *n*u*l*l*********‘·¸¾*ñ*—ProgramF (No File)
HKU\S-1-5-21-3061952332-3695074-208723314-1001\...\Run: [AF_counter_514912] => 4 (No File)
HKU\S-1-5-21-3061952332-3695074-208723314-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe (No File)
HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\...\RunOnce: [OMENCC_InstallationBooster] => C:\system.sav\util\OMENCC_InstallationBooster.exe (No File)
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe (No File)
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\RunOnce: [OMENCC_InstallationBooster] => C:\system.sav\util\OMENCC_InstallationBooster.exe (No File)
ShortcutTarget: RocketDock.lnk -> C:\Program Files (x86)\RocketDock\RocketDock.exe (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
S3 XD Client Service; C:\Program Files (x86)\XD_GAME\public\service.exe [X]
2025-07-02 10:48 - 2025-07-02 10:48 - 000000024 _____ () C:\Users\TG02-007\AppData\Roaming\C23W6Vk43XTwu662.dat
CustomCLSID: HKU\S-1-5-21-3061952332-3695074-208723314-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\TG02-007\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3061952332-3695074-208723314-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> "C:\Program Files\NordVPN\NordVPN.exe" -ToastActivated => No File
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
AlternateDataStreams: C:\ProgramData\BstShm_5.21.580.1019_nxt:0BA5A0C5AF [7714]
AlternateDataStreams: C:\ProgramData\BstShm_5.21.580.1019_nxt:BFA2474391 [7714]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [7714]
AlternateDataStreams: C:\ProgramData\sldh.dat:136096DD5B [6002]
AlternateDataStreams: C:\ProgramData\sldh.dat:AF7D5A4DE2 [6002]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [7714]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\McInst.exe:5333F5D8A9 [7714]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\McInst.exe:9DCDB32EE1 [7714]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [7714]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk:35D20EBEE5 [6002]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [7714]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [6002]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk:C5112377E0 [6002]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Documentation.lnk:92B3809DA8 [7714]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass.lnk:F32536EEBE [6002]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [7714]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk:5465085A2F [6002]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk:BE800952D3 [6002]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [3442]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10134]
AlternateDataStreams: C:\Users\TG02-007\Dati applicazioni:86dabf594e68b7fb8ac56037576b6591 [394]
AlternateDataStreams: C:\Users\TG02-007\Dati applicazioni:c15540c89c88cd704ccd25de5f07f873 [394]
AlternateDataStreams: C:\Users\TG02-007\AppData\Roaming:86dabf594e68b7fb8ac56037576b6591 [394]
AlternateDataStreams: C:\Users\TG02-007\AppData\Roaming:c15540c89c88cd704ccd25de5f07f873 [394]
AlternateDataStreams: C:\Users\TG02-007\AppData\Local\Temp:$DATA [16]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
GroupPolicy-Firefox: Restriction <==== ATTENTION
Task: {296F0E3E-E22E-4EAB-A10F-B898F2BAAD71} - \Microsoft\Windows\Setup\EM -> No File <==== ATTENTION
Task: {1F38C9E5-6E48-496A-99EA-2929E14D8BCC} - System32\Tasks\SystemOptimizerTemp => C:\Users\TG02-007\AppData\Local\Temp\HP\SystemOptimizerTemp\SystemOptimizer.exe -update (No File) <==== ATTENTION
2026-03-29 09:38 - 2026-03-29 09:38 - 000000000 ____D C:\Users\TG02-007\AppData\Local\Yandex
EmptyTemp:
End::
Warning
Executing a Fixlist on the wrong system may permanently damage it. Continue only if this link was meant for you.
To view the content, acknowledge this warning.