Witam
Jako kolejna osoba dałem się nabrać na program, za który po instalacji trzeba zapłacić. Niestety przez panel sterowania nie mogę tego odinstalować 
Odinstaluj Adobe Download Assistant,Bonanza Deals (remove only),BrowseSmart,Bundled software uninstaller,Click Caption 1.10.0.2,Freecorder 8 Applications,Freecorder extension for Chrome,Freecorder extension for Firefox,IePluginService12.27.0.3326,Mobogenie,SearchMe Toolbar v10.9,Softonic Assistant,WinZipper.Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.
Pokaż nowe logi z FRST.
dzięki za szybką odpowiedź. Niestety zauważyłem że problem złośliwej wyszukiwarki nadal jest - uninistall master. W załączniku nowy plik frst. Z góry dzięki za odpowiedź
Otwórz notatnik systemowy i wklej:
HKLM-x32\...\Run: [] = [X]
HKU\S-1-5-21-366782665-2929205055-3203858903-1002\...\Run: [SoftonicAssistant] = "C:\Users\dmxo\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
HKU\S-1-5-21-366782665-2929205055-3203858903-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
HKU\S-1-5-21-366782665-2929205055-3203858903-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-366782665-2929205055-3203858903-1002 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
FF DefaultSearchEngine: key-find
FF Homepage: hxxp://www.!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"hxxp://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"
FF SearchPlugin: C:\Users\dmxo\AppData\Roaming\Mozilla\Firefox\Profiles\rd649602.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-1.xml
FF SearchPlugin: C:\Users\dmxo\AppData\Roaming\Mozilla\Firefox\Profiles\rd649602.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-2.xml
FF SearchPlugin: C:\Users\dmxo\AppData\Roaming\Mozilla\Firefox\Profiles\rd649602.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-3.xml
FF SearchPlugin: C:\Users\dmxo\AppData\Roaming\Mozilla\Firefox\Profiles\rd649602.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1.xml
FF SearchPlugin: C:\Users\dmxo\AppData\Roaming\Mozilla\Firefox\Profiles\rd649602.default\searchplugins\key-find.xml
FF Extension: Advanced Cookie Manager - C:\Users\dmxo\AppData\Roaming\Mozilla\Firefox\Profiles\rd649602.default\Extensions\cookiemgr@jayapal.com [2015-02-24]
FF Extension: Click Caption - C:\Program Files (x86)\Mozilla Firefox\extensions\{190bc294-c8e5-471c-9466-3eb945b09542} [2015-01-27]
CHR HKU\S-1-5-21-366782665-2929205055-3203858903-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ippenodjaoidmkkfdlmdhofiebnpjddb] - C:\Program Files (x86)\BrowseSmart\ippenodjaoidmkkfdlmdhofiebnpjddb.crx [Not Found]
S2 SpyHunter 4 Service; No ImagePath
S2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]
S3 esgiguard; No ImagePath
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-26] ()
2015-02-27 15:11 - 2015-02-27 15:55 - 00000000 ____ D () C:\AdwCleaner
2015-02-26 14:57 - 2015-02-26 14:57 - 00003318 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-02-26 14:57 - 2015-02-26 14:57 - 00000000 ____ D () C:\Users\dmxo\AppData\Roaming\Enigma Software Group
2015-02-26 14:57 - 2015-02-26 14:57 - 00000000 ____ D () C:\sh4ldr
2015-02-26 14:56 - 2015-02-27 15:31 - 00000000 ____ D () C:\Program Files\Enigma Software Group
2015-02-26 14:56 - 2015-02-26 14:56 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-02-26 14:54 - 2015-02-26 14:55 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\dmxo\Downloads\sh-remover.exe
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.