Jak usunąć wirusy z chińskich programów? Logi z FRST, reklamy, AdwCleaner nie działa

Logi z FRST. Nie mogę sobie poradzić z wyskakującymi reklamami. Adwclener nie ogarnia. Proszę o pomoc.

Poprawiłem pisownię w poście i edytowałem temat. RADU23

Log Frst.txt jest pusty. Przeskanuj jeszcze raz i zamieść nowe logi.

EDIT
Otwórz notatnik systemowy i wklej:
Task: {0A88A6EC-CF16-4EA0-BBEF-5E25FEABEA47} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-13] (UCWeb Inc) <==== UWAGA
Task: {269E762D-22BA-418A-BC13-03E35903F68B} - System32\Tasks\Vasoydribak => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfro...XXXXS3PYZX3B&amp;v=2017215 /q
Task: {608EDE79-CF24-4BC7-9E84-7146B61C5277} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-13] (UCWeb Inc) <==== UWAGA
Task: {855C9E52-93A5-4F57-965C-BA58464D771C} - System32\Tasks\Fevuphmervly Launcher => C:\Program Files (x86)\Shodisyqrugh\tugesh.exe
Task: {B48D09E6-C448-4881-8E82-DF07F4A3C7D9} - \Lenovo\Lenovo Service Bridge\S-1-5-21-3731805589-4005154256-4111265639-1001 -> Brak pliku <==== UWAGA
Task: {E3E0959D-C3B1-424C-AB5A-A10551EE48F2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
Task: {F0B6EF54-9CA9-4AF4-862E-CE54E461FD91} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-02-16] (UC Web Inc.) <==== UWAGA
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
ShortcutWithArgument: C:\Users\'lfgg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\'lfgg\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\'lfgg\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\'lfgg\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
2017-02-15 19:37 - 2017-02-13 12:37 - 00599440 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [371912]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1214242]
Hosts:
FirewallRules: [{979DB3E8-4CC2-41B0-B271-8CEF11314BB4}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{04F7B0D0-1168-4478-8D3D-31B02F8C5DA2}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
FirewallRules: [{979DB3E8-4CC2-41B0-B271-8CEF11314BB4}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
HKU\S-1-5-21-3731805589-4005154256-4111265639-1001\...\Run: [F4jYxThso2.exe] => C:\Users\'lfgg\AppData\Roaming\{7b1-bc-9b-8e458-9fa7e-cc81-14fad}\F4jYxThso2.exe [686592 2017-02-15] (Kibas)
HKU\S-1-5-21-3731805589-4005154256-4111265639-1001\...\Run: [QZ8EHkYwW-.exe] => C:\Users\'lfgg\AppData\Roaming\{7b1-bc-9b-8e458-9fa7e-cc81-14fad}\QZ8EHkYwW-.exe [903168 2017-02-15] (Unit)
HKU\S-1-5-21-3731805589-4005154256-4111265639-1001\...\MountPoints2: {3cff8d83-bfc5-11e6-9f13-4cbb58fe4e8c} - "I:\autorun.exe"
ShellExecuteHooks: Brak nazwy - {005E7630-F1AE-11E6-8235-64006A5CFC23} - C:\Users\'lfgg\AppData\Roaming\Shogersh\Nrerge.dll -> Brak pliku
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [599440 2017-02-13] ()
S1 ucdrv; C:\WINDOWS\System32\drivers:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA
S3 TTDrv; \??\D:\KOPLAYER\vbox\TTDrv.sys [X]
2017-02-16 07:56 - 2017-02-16 07:56 - 00002688 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2017-02-16 07:56 - 2017-02-16 07:56 - 00000334 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
2017-02-15 21:30 - 2017-02-15 22:12 - 00000000 ____D C:\AdwCleaner
2017-02-15 21:04 - 2017-02-15 21:04 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-02-15 19:38 - 2017-02-15 20:22 - 00000488 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-02-15 19:38 - 2017-02-15 19:38 - 00003506 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-02-15 19:38 - 2017-02-15 19:38 - 00000000 ____D C:\Users\'lfgg\AppData\Local\UCBrowser
2017-02-15 19:36 - 2017-02-16 08:15 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-15 19:35 - 2017-02-15 20:08 - 00000000 ____D C:\Program Files\żěŃą
2017-02-15 19:35 - 2017-02-15 19:35 - 00000000 ____D C:\Program Files (x86)\Shodisyqrugh_
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
Uruchom FRST i kliknij w Fix/Napraw.

Scaliłem. RADU23

Dzięki wielkie za pomoc!!

Zamiesc nowe logi z FRST, ze skanowania.

ponowne logi

Odinstaluj: Adobe Reader 9, zmien na najnowsza wersje AR lub na Foxit: http://ninite.com/foxit/

W Chrome zmien AdBlock na uBlock Origin.

Nowy Fixlist.txt dla FRST:
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
ShortcutWithArgument: C:\Users\'lfgg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\'lfgg\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk"
HKLM\...\Providers\5ydp3vr3: C:\Program Files (x86)\Fevuphmervly Launcher\local64spl.dll
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll -> Brak pliku
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
2017-02-16 10:15 - 2017-02-16 10:15 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-15 20:29 - 2017-02-15 20:29 - 05659775 _____ (Swearware) C:\Users\'lfgg\Downloads\ComboFix.exe
2017-02-15 19:39 - 2017-02-15 19:39 - 00000000 ____D C:\Users\'lfgg\AppData\Local\CEF
2017-02-15 19:34 - 2017-02-15 19:34 - 00000000 __SHD C:\Users\'lfgg\AppData\Local\svchost
2017-02-15 19:33 - 2017-02-16 09:19 - 00000000 ____D C:\Users\'lfgg\AppData\Roaming\{7b1-bc-9b-8e458-9fa7e-cc81-14fad}
2017-02-15 19:31 - 2017-02-16 09:26 - 00000000 ____D C:\Program Files (x86)\Fevuphmervly Launcher
2017-02-15 19:31 - 2017-02-15 20:22 - 00000000 ____D C:\Users\'lfgg\AppData\Roaming\Shogersh
2017-02-15 19:31 - 2017-02-15 19:40 - 00000000 ____D C:\Users\'lfgg\AppData\Local\Rozaph
2016-08-09 19:11 - 2016-08-09 19:11 - 0000036 _____ () C:\Program Files\smaple.txt
2017-01-08 11:09 - 2011-07-19 03:37 - 0003262 _____ () C:\Program Files (x86)\Falco.ico
2017-01-08 11:09 - 2011-07-19 04:05 - 0000046 _____ () C:\Program Files (x86)\Falco.url

Po wykonaniu usun katalog C:\FRST i to wszystko.

Zrobiłem wszystko tak jak opisane, dziękuję. adwcleaner nic nie wykrył. Temat zamknięty!!!