Eliminating żěą, uc (Chinese stamps) Viruses: Step-by-Step Guide Needed for Manual Removal

The content has been translated Polish » English. See the original version of the topic.
  • #1 16216885
    johnn1997
    Level 10  
    Hello everyone.
    Anticipating negative comments: yes, I carelessly downloaded the virus from torrents and at my own request infected the computer with it. Well, my bad. I don't know which program was responsible for it, but suddenly there were a lot of programs and extensions such as the title żěą, uc ?? ?, trotux and other shortcuts to games, etc. I have had such things before and have always managed, but in this case I have to admit that after reading dozens of articles and guides and downloading several programs that were supposed to remove the virus for me (adwcleaner, trojankiller, spyemergency etc.), I don't know what to do next. That's why I am asking for help. I know it can be done manually, but I need instructions: exactly what to do and how. I also saw on forums how people upload some text files from Notepad (some FRST etc.). I don't know what that is, and if I should have something like that, please let me know how.
    Greetings!
  • #4 16216958
    Kolobos
    IT specialist
    Spy Emergency, what even is that? Where do people get these programs...

    Uninstall: Spy Emergency

    I can see the infection started with easy7zip_x64.exe; in future, watch what you download!

    You can get 7zip here: http://www.7-zip.org/download.html and don't download some infected versions.

    In Chrome settings, remove restoring the set of pages on startup.

    Next to frst.exe, create a file Fixlist.txt with the content:
    CloseProcesses:
    Task: {18E12086-70EE-43E5-A221-C36992907E17} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-01-18] (UCWeb Inc) C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-01-21] (UC Web Inc.) C:\Program Files (x86)\Anokudom\renpy.exe [2017-01-21] (Glarysoft Ltd)
    C:\Program Files (x86)\Anokudom\
    C:\Program Files (x86)\UCBrowser\
    C:\Program Files (x86)\Stavock Nodifier\
    Task: {75ED869C-6CDA-4E73-A319-00C0CB58F30F} - System32\Tasks\Driver Booster SkipUAC (Dell) => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
    Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe C:\Users\Dell\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-1821727414-1379230617-1618883771-1001\...\Run: [KR032RDEJ7] => "C:\Program Files\BXG3LM10PT\BXG3LM10P.exe"
    HKU\S-1-5-21-1821727414-1379230617-1618883771-1001\...\Run: [SpyEmergency] => C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [3292096 2017-01-20] (NETGATE Technologies s.r.o.)
    HKU\S-1-5-21-1821727414-1379230617-1618883771-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-1821727414-1379230617-1618883771-1001\...\MountPoints2: {d9f12c8a-9c35-11e6-922e-20474774ffda} - "D:\Setup.exe"
    HKLM\...\Providers\4nnde8p9: C:\Program Files (x86)\Stavock Nodifier\local64spl.dll [290816 2017-01-21] ()
    ShellExecuteHooks: Brak nazwy - {28CC7F7E-DC67-11E6-B5E0-64006A5CFC23} - C:\Users\Dell\AppData\Roaming\Muqtainzawge\Anisadom.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-01-21] ()
    CHR StartupUrls: Profile 1 -> "hxxp://www.google.pl/","hxxp://www.facebook.com/","hxxp://www.trotux.com/?z=678318844f72aea2a2fb950g3zab8z0tcq7g1wet5m&from=icb&uid=TOSHIBAXMQ02ABD100H_Y5IWC2CATXXY5IWC2CAT&type=hp"
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    R2 Revitdervek; C:\Program Files (x86)\Anokudom\GrufershkidersSystem.dll [138240 2017-01-21] () [Brak podpisu cyfrowego]
    R2 WinRARJava; C:\Program Files (x86)\WinRAR\WinRARJava.dll [223232 2017-01-21] () [Brak podpisu cyfrowego]
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
    U1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.)
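An added triage helper, not part of this thread and not FRST's own code, that parses FRST log lines of the shapes quoted in the fixlist above (services/drivers, HKU Run values, ShellExecuteHooks) and flags the entries a responder would check first: unsigned binaries, autostarts pointing at missing files, a driver hidden in an NTFS alternate data stream (the `Security:ucdrv-x64.sys` path), and machine-generated value names. The sample log is constructed from lines in the thread; the line shapes and the Polish/English markers are assumptions about FRST output, not a complete grammar.

```python
import re

# Constructed sample in FRST log style, copied from the fixlist quoted in the
# thread (Polish FRST output: "Brak podpisu cyfrowego" = no digital signature,
# "Brak pliku" = missing file, "[X]" = file not found).
SAMPLE_LOG = r"""
HKU\S-1-5-21-1821727414-1379230617-1618883771-1001\...\Run: [KR032RDEJ7] => "C:\Program Files\BXG3LM10PT\BXG3LM10P.exe"
HKU\S-1-5-21-1821727414-1379230617-1618883771-1001\...\Run: [SpyEmergency] => C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [3292096 2017-01-20] (NETGATE Technologies s.r.o.)
ShellExecuteHooks: Brak nazwy - {28CC7F7E-DC67-11E6-B5E0-64006A5CFC23} - C:\Users\Dell\AppData\Roaming\Muqtainzawge\Anisadom.dll -> Brak pliku
R2 Revitdervek; C:\Program Files (x86)\Anokudom\GrufershkidersSystem.dll [138240 2017-01-21] () [Brak podpisu cyfrowego]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
U1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.)
"""
UNSIGNED_MARKERS = ("[Brak podpisu cyfrowego]", "[File not signed]")
MISSING_MARKERS = ("Brak pliku", "No File", "[X]")
# Line shapes seen in the thread (assumption: FRST keeps them stable).
LINE_PATTERNS = {
    "service": re.compile(r"^[RSU]\d ([^;]+); (.+?)(?: \[|$)"),
    "run": re.compile(r'^HKU\\.*\\Run: \[([^\]]+)\] => "?([^"\[]+?)"?(?: \[|$)'),
    "hook": re.compile(r"^ShellExecuteHooks: .+? - (\{[^}]+\}) - (.+?) -> "),
}

def suspicious_flags(line, name, path):
    """Heuristic flags a responder would check before writing a Fixlist."""
    flags = []
    if any(m in line for m in UNSIGNED_MARKERS) or re.search(r"\] \(\)", line):
        flags.append("unsigned")      # no signature or empty publisher field
    if any(m in line for m in MISSING_MARKERS):
        flags.append("missing-file")  # autostart points at nothing
    if re.match(r"^[A-Za-z]:\\", path) and ":" in path[2:]:
        flags.append("ads")           # binary kept in an NTFS alternate data stream
    if re.fullmatch(r"[A-Z0-9]{8,}", name) and re.search(r"\d", name):
        flags.append("random-name")   # machine-generated value name
    return flags

def triage(log_text):
    """Return [(kind, name, path, flags)] for every recognised line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, pattern in LINE_PATTERNS.items():
            m = pattern.match(line)
            if m:
                name, path = m.group(1), m.group(2).strip()
                findings.append((kind, name, path, suspicious_flags(line, name, path)))
                break
    return findings
```

Entries that come back with a non-empty flag list are the ones to review for Fixlist.txt; entries like SpyEmergency come back clean and still need a human decision, as in the thread.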
  • #5 16216999
    johnn1997
    Level 10  
    Next to FRST.exe, i.e. ... in the download folder? That's the only place I have this file ...
  • #6 16217000
    Kolobos
    IT specialist
    Yes, in the folder where you saved the frst you downloaded.
  • #7 16217044
    johnn1997
    Level 10  
    After scanning with Mbam I have the opportunity to quarantine threats (not remove them). Should I do that?
  • #10 16217106
    Kolobos
    IT specialist
    You did not do this:
    > In Chrome settings, remove restoring the set of pages on startup.

    New Fixlist.txt for FRST:
    S2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [X]
    S1 HWiNFO32; \??\C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [X]
    2017-01-21 03:57 - 2015-03-09 11:26 - 00019768 _____ (NETGATE Technologies s.r.o.) C:\WINDOWS\system32\Drivers\spyemrg_guard.sys
    2017-01-21 03:57 - 2011-04-21 10:31 - 00017240 _____ (NETGATE Technologies s.r.o.) C:\WINDOWS\system32\Drivers\spyemrg.sys

    Execute in normal mode.
    Once done, delete the C:\FRST directory and that's it.
  • #11 16217134
    johnn1997
    Level 10  
    Okay ... I guess that's all, but I'm not sure about this one. In the settings, in the "On startup" tab, I deleted the page set (under: Open a specific page or set of pages); among others, trotux was there ... was that all, or is something else wrong? :D
  • #12 16217137
    Kolobos
    IT specialist
    That's all.
  • #13 16217142
    johnn1997
    Level 10  
    Gee, thank you soooooo much!! I am glad that there are people who, instead of writing "You moron, google it yourself", really want to help and do. Thanks again! Greetings!!!

Topic summary

A user reported downloading a virus from torrents, resulting in the installation of unwanted programs and extensions, including żěą, uc and trotux. Despite attempts to remove the malware using various tools like AdwCleaner and SpyEmergency, the user sought manual removal instructions. Community members recommended using the Farbar Recovery Scan Tool (FRST) to generate logs for analysis and provided guidance on creating a Fixlist.txt file to remove specific tasks and programs associated with the infection. The user successfully quarantined threats using Malwarebytes and confirmed the removal of the malware, expressing gratitude for the assistance received.
Summary generated by the language model.