start
CreateRestorePoint:
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{9E169071-C5A7-849F-38A1-692C9AC86E9C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{CA7B762C-8604-76D3-0CB3-A42D8B3DA8F1}\InprocServer32 -> no filepath
Task: {24192157-DF55-433D-AB08-4230C8E58ACE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {262F48A5-A2C4-4A66-89E6-C08AF90C4F83} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {36E64567-0921-4ADC-BD4A-E284B80D0EA1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {39E4CDCA-19CF-4D03-8A04-2B4C835379FD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {64412004-2C29-42B5-B406-E9864B527AAF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {783577F4-C8B9-4240-ACE3-977BCC6A810C} - System32\Tasks\GNOK => C:\Users\Natascha\AppData\Roaming\GNOK.exe <==== ATTENTION
Task: {8E0AF61B-F056-4D66-86CA-3469E9A19080} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A4F146C9-B743-4791-87BB-418B999A9263} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {AD2FCCB7-A3F2-4D01-9BA8-B334A6010534} - System32\Tasks\SecureUpdater => C:\Program Files (x86)\UCBrowser\Application\uclauncher.exe <==== ATTENTION
Task: {B835580A-56CB-43EA-A5CB-571A4891288D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B9321CBB-FDDC-4DA0-B365-342D9772D10C} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {CC272B6D-F853-40A7-8AEC-EE9303C00831} - System32\Tasks\BYAIAMUF => C:\Users\Natascha\AppData\Roaming\BYAIAMUF.exe <==== ATTENTION
Task: {DBBD7C40-007E-411B-9986-4D5F102B1761} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DE45C6D9-4394-419B-98E1-B23E6A983FCC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F4EAA9A2-837B-422F-90B8-EB5DE9CCFFF5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FD0B294B-1A4E-439D-9A87-D3B6E6FF238E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\BYAIAMUF.job => C:\Users\Natascha\AppData\Roaming\BYAIAMUF.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GNOK.job => C:\Users\Natascha\AppData\Roaming\GNOK.exe <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKU\S-1-5-21-336042120-3881833094-1070839671-1001\...\StartupApproved\Run: => "svchost0"
FirewallRules: [{081DDE02-B844-4BDB-8E43-8C5C50367DC5}] => (Allow) C:\Users\Natascha\AppData\Local\MediaGet2\mediaget.exe
FirewallRules: [{820EE744-18E8-4158-AB98-11CA79E68385}] => (Allow) C:\Users\Natascha\AppData\Local\MediaGet2\mediaget.exe
FirewallRules: [{C1991A0B-F410-4455-BD7D-9B9C9C4333BA}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{F932511F-498E-42FD-9A06-86DA7CC9F9B2}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => No File
ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: No Name -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> No File
Toolbar: HKLM - No Name - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - No File
Toolbar: HKU\S-1-5-21-336042120-3881833094-1070839671-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-336042120-3881833094-1070839671-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF ProfilePath: C:\Users\Natascha\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\2r3ugg6v.default\Profiles\2r3ugg6v.default [not found]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn => not found
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\Exts\Chrome.crx
R1 UCGuard; C:\WINDOWS\System32\DRIVERS\ucguard.sys [81792 2016-08-29] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== ATTENTION
2016-10-25 15:46 - 2016-10-25 17:06 - 00000000 __SHD C:\Users\Natascha\AppData\Local\svchost
2016-10-25 15:43 - 2016-10-25 20:00 - 00002654 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2016-10-25 15:43 - 2016-10-25 15:43 - 00003504 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2016-10-25 15:07 - 2016-10-25 15:07 - 00000000 ____D C:\ProgramData\Avira
2016-10-25 15:07 - 2016-10-25 15:07 - 00000000 ____D C:\ProgramData\Avg
2016-10-25 15:07 - 2016-10-25 15:07 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-25 14:57 - 2016-08-29 07:50 - 00081792 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\ucguard.sys
2016-10-31 04:52 - 2015-05-10 12:28 - 00001716 _____ C:\WINDOWS\Tasks\BYAIAMUF.job
2016-10-30 21:42 - 2015-05-10 12:29 - 00001364 _____ C:\WINDOWS\Tasks\GNOK.job
2015-03-09 18:30 - 2015-03-09 18:30 - 0005487 _____ () C:\Users\Natascha\AppData\Roaming\BYAIAMUF
EmptyTemp:
Reboot:
end