start::
closeprocesses:
createrestorepoint:
HKU\S-1-5-21-2576683645-2164366112-2471258968-1001\...\StartupApproved\Run: => "MyDriveConnect.exe"
FirewallRules: [TCP Query User{B807EC2D-0815-42A1-9C6E-5062BB6554FC}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F417CF70-39C0-4042-BE55-54FFA9C600ED}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2576683645-2164366112-2471258968-1001\...\Run: [MicrosoftEdgeAutoLaunch_8CE78385AF11F2DD33469807C17C4CC5] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3827112 2022-08-04] (Microsoft Corporation -> Microsoft Corporation)
C:\Users\gaeta\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak
C:\Users\gaeta\Downloads\*.crdownload
cmd: sfc /scannow
emptytemp:
end::