CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM\...\Run: [SERVICE] => [X]
HKU\S-1-5-21-1539140294-2468273068-37887355-1002\...\Run: [Chromium] => c:\users\user\appdata\local\chromium\application\chrome.exe [4149760 2017-09-22] (The Chromium Authors)
HKU\S-1-5-21-1539140294-2468273068-37887355-1002\...\RunOnce: [Uninstall 18.192.0920.0012\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\user\AppData\Local\Microsoft\OneDrive\18.192.0920.0012\amd64"
HKU\S-1-5-21-1539140294-2468273068-37887355-1002\...\RunOnce: [Uninstall 18.192.0920.0012] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\user\AppData\Local\Microsoft\OneDrive\18.192.0920.0012"
HKU\S-1-5-21-1539140294-2468273068-37887355-1002\...\RunOnce: [Uninstall 18.192.0920.0015\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\user\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64"
HKU\S-1-5-21-1539140294-2468273068-37887355-1002\...\RunOnce: [Uninstall 18.192.0920.0015] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\user\AppData\Local\Microsoft\OneDrive\18.192.0920.0015"
HKU\S-1-5-21-1539140294-2468273068-37887355-1002\...\RunOnce: [Uninstall 18.212.1021.0008\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\user\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\amd64"
HKU\S-1-5-21-1539140294-2468273068-37887355-1002\...\RunOnce: [Uninstall 18.212.1021.0008] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\user\AppData\Local\Microsoft\OneDrive\18.212.1021.0008"
HKU\S-1-5-21-1539140294-2468273068-37887355-1002\...\MountPoints2: E - "E:\SETUP.EXE"
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)
Tcpip\..\Interfaces\{171c5495-c728-4960-9fec-933d4ad09d9f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{171c5495-c728-4960-9fec-933d4ad09d9f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{365486fc-6806-4181-90ff-434f50631363}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6f81839f-8443-4c10-9a60-df4e1805c103}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6f81839f-8443-4c10-9a60-df4e1805c103}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{78f96882-4cef-442c-9141-35160b21148a}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c3c7c8bc-d90b-4351-9e0c-c5cd9b42dff6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{e909f3ee-e04b-11e7-b728-806e6f6e6963}: [NameServer] 8.8.8.8
CHR DefaultSearchURL: Default -> hxxps://search.mysearch.com/web?q={searchTerms}&redirect=CYV
CHR DefaultSearchKeyword: Default -> Mysearch
CHR DefaultSuggestURL: Default -> hxxps://lss.sse-iacapps.com/lss/api?token=be3b0df7-25c9-39e3-86fb-ba89d85a0912&q={searchTerms}
CHR Extension: (MySearch) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcebahaopmklkfaaacddffiomjjldmkk [2018-11-16]
CHR HKLM\...\Chrome\Extension: [fcebahaopmklkfaaacddffiomjjldmkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1539140294-2468273068-37887355-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcebahaopmklkfaaacddffiomjjldmkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcebahaopmklkfaaacddffiomjjldmkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
2018-03-02 14:33 - 2018-03-02 14:33 - 001904128 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180302133329790.dll
2018-03-02 14:33 - 2018-03-02 14:33 - 001904128 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180302133330134.dll
2018-03-02 14:33 - 2018-03-02 14:33 - 001904128 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180302133330353.dll
2018-03-02 14:33 - 2018-03-02 14:33 - 001904128 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180302133359528.dll
2018-03-02 14:34 - 2018-03-02 14:34 - 001904128 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180302133402182.dll
2018-03-02 14:34 - 2018-03-02 14:34 - 001904128 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180302133402276.dll
2018-03-02 14:34 - 2018-03-02 14:34 - 002210816 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180302133407411.dll
2018-03-02 14:34 - 2018-03-02 14:34 - 002210816 _____ (Opera Software) C:\Users\user\AppData\Local\Temp\Opera_installer_180302133410158.dll
2017-12-08 00:36 - 2017-12-08 00:36 - 019331576 _____ () C:\Users\user\AppData\Local\Temp\setup.dll
WorldofTanks (HKLM-x32\...\WorldofTanks) (Version: - ) <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {4E69BAB9-FCCC-4DAD-9C44-ECA601E99BE5} - System32\Tasks\WorldofTanks2 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --app=hxxp://go.playmmogames.com/aff_c?offer_id=174&aff_id=1034&aff_sub2=5A32M5EBiiEPmff5HkQ39Ro4NipRSQWis0TwAr6RZINiplqTCv5FjgnipJgAAAKI5znYie&aff_sub=102 --app-window-size=1538,865
Task: {8ABA7EDB-0AEF-4BF1-BADF-634E4519977E} - System32\Tasks\WorldofTanks3 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --app=hxxp://go.playmmogames.com/aff_c?offer_id=174&aff_id=1034&aff_sub2=5A32M5EBiiEPmff5HkQ39Ro4NipRSQWis0TwAr6RZINiplqTCv5FjgnipJgAAAKI5znYie&aff_sub=102 --app-window-size=1538,865
Task: {A9B82E78-8E34-4F21-9A7F-B1F75D9FAA55} - System32\Tasks\WorldofTanks0 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --app=hxxp://go.playmmogames.com/aff_c?offer_id=174&aff_id=1034&aff_sub2=5A32M5EBiiEPmff5HkQ39Ro4NipRSQWis0TwAr6RZINiplqTCv5FjgnipJgAAAKI5znYie&aff_sub=102 --app-window-size=1538,865
Task: {AA797DB6-156F-420E-9CA8-93F04461B59C} - System32\Tasks\WorldofTanks1 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --app=hxxp://go.playmmogames.com/aff_c?offer_id=174&aff_id=1034&aff_sub2=5A32M5EBiiEPmff5HkQ39Ro4NipRSQWis0TwAr6RZINiplqTCv5FjgnipJgAAAKI5znYie&aff_sub=102 --app-window-size=1538,865
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks\WorldofTanks.lnk
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk
AlternateDataStreams: C:\Users\Public\AppData:CSM [466]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [480]