CreateRestorePoint: CloseProcesses: Zip:C:\Users\phili_000\AppData\Roaming\Powikvousy\Coidoseposoied.dll;C:\Program Files (x86)\Atpspreerterght\Aruatainstuserysys.dll;C:\WINDOWS\a37392c9d0be3546d8332bb0a8442c8e.exe;C:\Program Files (x86)\Mozilla Firefox\ix1p0i.dll ShellExecuteHooks: - {1AE6B03E-A5C0-11E6-A016-64006A5CFC23} - C:\Users\phili_000\AppData\Roaming\Powikvousy\Coidoseposoied.dll [147456 2016-11-22] () R2 Hhightphash; C:\Program Files (x86)\Atpspreerterght\Aruatainstuserysys.dll [275968 2016-11-22] () [File not signed] 2016-11-22 00:54 - 2016-11-22 00:54 - 00000000 ____D C:\Users\phili_000\AppData\Local\UCBrowser 2016-11-22 00:53 - 2016-11-22 01:15 - 00000000 ____D C:\Program Files (x86)\Atpspreerterght 2016-11-22 00:53 - 2016-11-22 00:54 - 00000000 ____D C:\Users\phili_000\AppData\Local\Ckadaward 2016-11-22 00:53 - 2016-11-22 00:53 - 00000000 ____D C:\Users\phili_000\AppData\Roaming\Powikvousy 2016-11-21 11:20 - 2016-11-21 11:20 - 01908919 _____ C:\WINDOWS\a37392c9d0be3546d8332bb0a8442c8e.exe Task: {032B3AE7-B210-4CF8-B105-F89DF26C5365} - System32\Tasks\9a2a29d4ebdd4324ffe8a19b24637c21 => Rundll32.exe "C:\Program Files (x86)\Mozilla Firefox\ix1p0i.dll",e62dc6c6547f46bda862da2d05af6862 Task: {8C7B8A4D-59FF-4E4E-A94A-54B945BC2C71} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe 2016-11-22 00:53 - 2016-11-22 00:53 - 00275968 _____ () c:\program files (x86)\atpspreerterght\aruatainstuserysys.dll EmptyTemp: