Start::
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-264360123-2859139072-1872116722-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-264360123-2859139072-1872116722-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
SearchScopes: HKU\S-1-5-21-264360123-2859139072-1872116722-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-27] (Oracle Corporation)
U3 idsvc; no ImagePath
S3 SBFWIMCL; \SystemRoot\system32\DRIVERS\sbfwim.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
C:\Users\Martinat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnmycbw.dll
C:\Users\Martinat\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Martinat\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Martinat\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Martinat\AppData\Local\Temp\tmp166C.exe
C:\Users\Martinat\AppData\Local\Temp\tmp283C.exe
C:\Users\Martinat\AppData\Local\Temp\tmp3CB8.exe
C:\Users\Martinat\AppData\Local\Temp\tmp5865.exe
C:\Users\Martinat\AppData\Local\Temp\tmpB0EA.exe
C:\Users\Martinat\AppData\Local\Temp\tmpC341.exe
CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
Task: {220701C2-CA15-443E-854E-786AB323A05E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3E647D8C-9B6D-4AFA-B243-AD7C23AAB7F8} - System32\Tasks\GPUpdateCheck => C:\Program Files (x86)\GetPrivate\gpup.exe <==== ATTENTION
Task: {3FBF4831-5399-4D5D-835A-F60688808619} - \ConfigFree Startup Programs -> No File <==== ATTENTION
Task: {5405F162-916C-42C7-BD83-E72FAFD129FD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5C9BF4FB-1254-44F6-8651-14E7BDCD3EF6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {75565697-7719-41DC-991D-668D4A5DA0FB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {89B137EB-E78C-4A7F-AFFE-93B96CFFAB42} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8FBB6CFC-9AE0-4317-AAC3-F1C01313089E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B958B373-B742-46A5-B577-0EE76540D6E3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BEE555F5-CC84-4EFA-8D52-A87C7C449C45} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E5B0101D-519B-44FA-9BC9-358C509108AF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E8FEC769-1ED4-4F43-9F6A-0435EE3574E7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FCE6FC99-ACC9-4C61-B884-3BF4121D04B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
C:\Windows\Temp\*.*
End::