start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
HKLM\SOFTWARE\Policies\Google: Restriction
Task: {3D99CABD-2EC1-4C16-81F7-089D203CE792} - \Lenovo\ImController\TimeBasedEvents\43dd0118-3ccd-4648-b103-b75896a80563 -> Pas de fichier
Task: {4332D83A-4941-4DE2-8DA2-DECD6C7DE5F8} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> Pas de fichier
Task: {5A497801-76C0-4A71-B64A-17DD57F4B0E6} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> Pas de fichier
Task: {94A26685-87F4-4375-A990-1949C2B1C140} - \Lenovo\ImController\TimeBasedEvents\869694cc-e374-4f03-bbd7-7b454d351ca6 -> Pas de fichier
Task: {A26D73BB-A9EC-4570-98BB-99498F48902E} - \Lenovo\ImController\TimeBasedEvents\1018f190-ab80-49cb-9ea4-bda52dc5d09d -> Pas de fichier
Task: {CB161EBC-6791-49A6-AE50-9075C07C914C} - \Lenovo\ImController\Lenovo iM Controller Monitor -> Pas de fichier
Task: {EAE6CE66-BE53-4EDE-BB4E-9C1357B84AA3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {EEA6D570-8A98-4677-8563-491C51EB34E6} - \Lenovo\ImController\TimeBasedEvents\f40c26ca-7f8a-4c25-9c1c-f4e5b2e4313b -> Pas de fichier
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
S3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys
2021-07-18 07:56 - 2021-07-18 15:46 - 000128517 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
CustomCLSID: HKU\S-1-5-21-2995523392-4040111141-100969284-1001_Classes\CLSID\{F0D5B8DF-FA50-4AC1-B644-6DD3DABA2DC0}\InprocServer32 ->
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
AlternateDataStreams: C:\WINDOWS\Logs:Defender.log
AlternateDataStreams: C:\ProgramData\Temp:1ED915E2 [316]
AlternateDataStreams: C:\ProgramData\Temp:3801A9B9 [140]
AlternateDataStreams: C:\ProgramData\Temp:58A5270D [406]
AlternateDataStreams: C:\ProgramData\Temp:9C5901F5 [149]
AlternateDataStreams: C:\ProgramData\Temp:ACABCC78 [138]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [153]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR540 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR540.SYS => ""="Driver"
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {E1C3A7E0-938B-47D9-9EBD-FE77755F9136} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E1C3A7E0-938B-47D9-9EBD-FE77755F9136} URL =
SearchScopes: HKU\S-1-5-21-2995523392-4040111141-100969284-1001 -> DefaultScope {E1C3A7E0-938B-47D9-9EBD-FE77755F9136} URL =
MSCONFIG\Services: Avira.ServiceHost => 2
MSCONFIG\Services: AviraPhantomVPN => 2
MSCONFIG\Services: KMSServerService => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: ZAMSvc => 2
HKLM\...\StartupApproved\Run: => "Shadow Defender Daemon"
EmptyTemp:
cmd: ipconfig /flushdns
cmd: sfc /scannow
end::