CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2018-07-21]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [428072 2018-07-04] (Avira Operations GmbH & Co. KG)
2018-07-17 08:38 - 2018-07-17 08:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-07-17 08:43 - 2017-05-31 20:44 - 000000000 ____D C:\ProgramData\Avira
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\AntiVirMailService
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\AntiVirSchedulerService
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\AntiVirService
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\AntiVirWebService
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\avdevprot
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\avipbb
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\Avira.ServiceHost
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\AviraPhantomVPN
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\AviraUpdaterService
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\avkmgr
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\scupdate
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\scupdatem
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avkmgr
R4 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys 44488 2017-08-01 (Avira Operations GmbH & Co. KG)
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Phantom VPN
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Service Host
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Software Updater ServiceHost
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\AviraSpeedupService
DeleteKey: HKEY_USERS\.DEFAULT\Software\Avira
DeleteValue: HKEY_USERS\S-1-5-21-2532843739-1787431547-1269948887-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|"Avira.Systray.exe"
DeleteValue: HKEY_USERS\S-1-5-21-2532843739-1787431547-1269948887-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|"Avira.OE.Setup.Bundle.exe"
RemoveDirectory: C:\Program Files (x86)\Avira
Reboot:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"