CloseProcesses:
SystemRestore: On
CreateRestorePoint:
StartRegedit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="Warn"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableLUA"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager]
"EnablePeriodicBackup"=dword:00000001
EndRegedit:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3935894364-3524788465-1820509769-1001\...\Run: [] => [X]
Task: {53EE3DB5-9589-487C-B3E9-98BFB1FBED8E} - \Opera scheduled assistant Autoupdate 1734357980 -> No File <==== ATTENTION
Task: {02ECB2BC-85E4-41A0-8E8D-6C9538D88F20} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /c (No File)
Task: {920EE6EB-B6D9-423E-A4F5-E8EAE97D2D97} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /ua /installsource scheduler (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {6E6F5586-C0BB-4BF0-9779-D9050D5BEF34} - System32\Tasks\Opera scheduled Autoupdate 1734357977 => C:\Users\spwal\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (No File)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\npAvgBrowserUpdate3.dll [No File]
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\npAvgBrowserUpdate3.dll [No File]
S2 avg; "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc [X]
S3 avgm; "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /medsvc [X]
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3935894364-3524788465-1820509769-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{5EC3BA09-89BA-4EE5-BD2C-0DF338DCD925}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{11825FB6-F68A-44B0-BAE3-A3119182D435}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{510D57DD-323D-498C-8814-6DAC3A6DE58C}] => (Allow) C:\Users\spwal\AppData\Local\Temp\7zS6E6C\HP.EasyStart.exe => No File
FirewallRules: [{8212B3AF-0D16-4851-8642-EE888B204B22}] => (Allow) C:\Users\spwal\AppData\Local\Temp\7zS69D1\HP.EasyStart.exe => No File
FirewallRules: [{888B4ABD-3343-4F67-BDBF-A7C176049F99}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2025\on1sandbox.exe => No File
FirewallRules: [{9BD3EB01-2630-47A8-90E9-3B984AA7080A}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2025\on1sandbox.exe => No File
FirewallRules: [{2C487845-96F6-4450-BD18-89591F046728}] => (Allow) C:\Users\spwal\AppData\Local\Programs\Opera\opera.exe => No File
FirewallRules: [{1E52A929-C0B8-4638-89A7-578BF009B25A}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2025\on1sandbox.exe => No File
FirewallRules: [{41CC0029-2258-4D0A-864A-F29F617B9B33}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2025\on1sandbox.exe => No File
FirewallRules: [{8E35F2B6-4457-46C2-8446-267589501635}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2025\on1sandbox.exe => No File
FirewallRules: [{61FBF745-3F83-4B34-A4FE-EB318CF8EA33}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2025\on1sandbox.exe => No File
FirewallRules: [{A321BAF9-0B49-45AB-86A1-0F27D1930B7F}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2025\on1sandbox.exe => No File
FirewallRules: [{EE6DBF9E-F414-4DBE-BF3D-C983D4A8DAE1}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2025\on1sandbox.exe => No File
FirewallRules: [{1E3E1409-2958-49CE-9A3F-B1D59C10268B}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2026\on1sandbox.exe => No File
FirewallRules: [{D38C106F-75DA-4D72-828D-3CC1ABE3001F}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2026\on1sandbox.exe => No File
FirewallRules: [{E2522992-E338-4BA8-AA76-D8B5ED369418}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2026\on1sandbox.exe => No File
FirewallRules: [{B2905B92-B87A-462A-86DC-81BE6A54F10A}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2026\on1sandbox.exe => No File
FirewallRules: [{804B88A7-77B3-43C4-9C31-56AF67C901F8}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2026\on1sandbox.exe => No File
FirewallRules: [{59219E30-1873-465E-B163-68A10EF6E21E}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2026\on1sandbox.exe => No File
FirewallRules: [{953E5CAE-FC43-415A-9B79-13DA8B738173}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2026\on1sandbox.exe => No File
FirewallRules: [{8F1EB7AC-4542-4138-A106-FDF34C6D0646}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2026\on1sandbox.exe => No File
FirewallRules: [{BEA22000-2EDD-4550-B964-8845697169BD}] => (Allow) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe => No File
cmd: winmgmt /salvagerepository
cmd: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
cmd: "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate -MMPC
cmd: schtasks -create -f -sc onStart -ru "NT AUTHORITY\SYSTEM" -tn DWDH -tr "cmd /c cd /d 'C:\ProgramData\Microsoft\Windows Defender\Scans' & rd /s /q History\Service & rd /s /q History\CacheManager & del /f mpcache-*.bin* & del /f mpenginedb.db* & schtasks /delete /f /tn DWDH" >nul 2>nul
Reboot: