Start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
EmptyTemp:
AlternateDataStreams: C:\Users\ameno\Desktop\ordodo.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\ameno\Desktop\ordodo.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\ameno\Desktop\ordodo2.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\ameno\Desktop\ordodo2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{D83B5D4C-24DA-4493-8A04-416DB2683A9D}] => (Allow) C:\Users\ameno\AppData\Roaming\Zoom\bin\airhost.exe => Pas de fichier
C:\Users\ameno\AppData\Roaming\ZHP\ZHPSuite.exe
HKU\S-1-5-21-3304223374-1357417736-805463502-1001\...\MountPoints2: E - "E:\setup.exe"
HKU\S-1-5-21-3304223374-1357417736-805463502-1001\...\MountPoints2: {e0607e33-e836-11e8-aef9-9cda3e76d53f} - "F:\LaunchU3.exe"
HKU\S-1-5-21-3304223374-1357417736-805463502-1001\...\MountPoints2: {f4b2e531-8b0c-11e9-af0c-9cda3e76d53f} - "F:\HiSuiteDownLoader.exe"
Task: {EDDA3D14-4CF5-493D-9A70-D8814B0CE09A} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
2020-06-24 00:38 - 2020-06-24 08:33 - 000000000 ____D C:\Users\ameno\AppData\Roaming\ZHP
2020-06-24 00:38 - 2020-06-24 00:38 - 000000000 ____D C:\Users\ameno\AppData\Local\ZHP
2020-06-10 00:55 - 2020-06-10 00:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-06-10 00:55 - 2020-06-10 00:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-06-10 00:55 - 2020-06-10 00:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-06-10 00:55 - 2020-06-10 00:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-06-10 00:55 - 2020-06-10 00:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-06-10 00:55 - 2020-06-10 00:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-06-10 00:55 - 2020-06-10 00:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-06-10 00:55 - 2020-06-10 00:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-06-10 00:55 - 2020-06-10 00:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-06-10 00:55 - 2020-06-10 00:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-06-10 00:55 - 2020-06-10 00:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-06-10 00:55 - 2020-06-10 00:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
C:\Windows\Temp\*.*
C:\Users\CurrentUserName\AppData\Local\Temp\*.*
cmd: ipconfig /flushdns
CMD: netsh advfirewall reset
end::