Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\p48q0el5ehq.dll
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\gp0ol3d31.dll
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\r06u0aj9edo.dll
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\ir82l5lo1.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (PCloudBroom64.exe \systemroot\system32\BroomData.bit) - File not found
[MD5.5BCE955CF12AF3417F055DADC0212920] [APT] [ChelfNotify Task] (.Tencent.) -- C:\ProgramData\ChelfNotify\BrowserUpdate.exe [690144] (.Activate.) =>.Superfluous.Tencent
[MD5.5BCE955CF12AF3417F055DADC0212920] [APT] [ChelfNotify Task] (.Tencent.) -- C:\ProgramData\ChelfNotify\BrowserUpdate.exe [690144] (.Activate.) =>.Superfluous.Tencent
[MD5.00000000000000000000000000000000] [APT] [reve] (...) -- C:\Users\fujitsu\Videos\?é¬ï¦ïë «??§ ?鬩ïê ??é«§ï«\001.mp3 (.not file.) [0] (.Activate.) =>.Superfluous.Empty
[MD5.00000000000000000000000000000000] [APT] [ShanDian] (...) -- C:\Program Files\ShanDian\FinderPro.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
[MD5.00000000000000000000000000000000] [APT] [tuuxqxil] (...) -- C:\Users\fujitsu\Videos\?é¬ï¦ïë «??§ ?鬩ïê ??é«§ï«\078.mp3 (.not file.) [0] (.Activate.) =>.Superfluous.Empty
O39 - APT: ChelfNotify Task - (.Tencent.) -- C:\Windows\System32\Tasks\ChelfNotify Task [3444] =>.Superfluous.Tencent
HKLM\SOFTWARE\TData =>.Superfluous.TDataCom
HKLM\SOFTWARE\Tencent =>.Superfluous.Tencent
HKCU\SOFTWARE\Tencent =>.Superfluous.Tencent
HKCU\SOFTWARE\undefined =>.Superfluous.Downloader
HKLM\SOFTWARE\TData =>.Superfluous.TDataCom
HKLM\SOFTWARE\Tencent =>.Superfluous.Tencent
HKCU\SOFTWARE\Tencent =>.Superfluous.Tencent
HKCU\SOFTWARE\undefined =>.Superfluous.Downloader
O43 - CFD: 05/05/2016 - [] D -- C:\Program Files\Elex-tech =>.Superfluous.Elex
O43 - CFD: 26/07/2016 - [] D -- C:\Program Files\WinSaber =>.Superfluous.WinSaber
O43 - CFD: 21/08/2016 - [] D -- C:\Program Files\WinZipper =>.Superfluous.WinZipper
O43 - CFD: 26/03/2016 - [] D -- C:\ProgramData\Tencent =>.Superfluous.Tencent
O43 - CFD: 26/03/2016 - [0] D -- C:\ProgramData\TXQMPC =>.Superfluous.TXQMPC
O43 - CFD: 31/05/2016 - [0] D -- C:\ProgramData\Uncheckit =>.Superfluous.Elex
O43 - CFD: 26/03/2016 - [] D -- C:\Program Files\Common Files\Tencent =>.Superfluous.Tencent
O43 - CFD: 30/05/2016 - [] D -- C:\Users\pc\AppData\Roaming\eCyber =>.Superfluous.Elex
O43 - CFD: 26/03/2016 - [] D -- C:\Users\pc\AppData\Roaming\Tencent =>.Superfluous.Tencent
O43 - CFD: 31/05/2016 - [] D -- C:\Users\pc\AppData\Roaming\Uncheckit =>.Superfluous.Elex
O43 - CFD: 05/05/2016 - [] D -- C:\Users\pc\AppData\Roaming\WinZiper =>.Superfluous.WinZipper
O36 - AppCertDlls: (x86) . (...) -- C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll (Not file) =>PUP.SystemK
O36 - AppCertDlls: (x64) . (...) -- C:\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll (Not file) =>PUP.SystemK
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (...) -- C:\Windows\System32\Drivers\rdpencdd.sys (.not file.)
O51 - MPSK:{88d1f17b-5c0e-11e4-8250-806e6f6e6963}\AutoRun\command. (...) -- F:\setup.exe (.not file.)
HKLM\SOFTWARE\yoursearchingSoftware =>PUP.Optional.YourSearching
HKLM\SOFTWARE\yoursearchingSoftware =>PUP.Optional.YourSearching
O45 - LFCP:[MD5.45557CC311963889BCDB6FBF2FA1038D] - 09-Dec-14 - 1:51:03 AM ---A- - C:\Windows\Prefetch\SNIPSMART.BOAS.EXE-04FDE64B.pf =>PUP.SnipSmart
O45 - LFCP:[MD5.5B108C3AF92D4A87B8AF7DB17F50B3BF] - 09-Dec-14 - 1:51:03 AM ---A- - C:\Windows\Prefetch\SNIPSMART.BOASPRT.EXE-8A675921.pf =>PUP.SnipSmart
O45 - LFCP:[MD5.288D592584CC6B9A312F6F3725B4F72B] - 22-Jan-15 - 12:33:25 AM ---A- - C:\Windows\Prefetch\SNIPSMART.PURBROWSE64.EXE-FE40B4D1.pf =>PUP.SnipSmart
O45 - LFCP:[MD5.A517B6156DC9D2848C544C56214B4AFD] - 05-Apr-15 - 2:10:24 AM ---A- - C:\Windows\Prefetch\WPC_MYSTARTSEARCH.EXE-43CE90A0.pf =>PUP.StartSearch
O45 - LFCP:[MD5.E6319E2A8FCFB9754EE2DFB5548008E6] 27/08/2016 A -- C:\Windows\Prefetch\WINDOWS LOADER.EXE-6178FC09.pf =>HackTool.WinActivator
HKLM\SOFTWARE\yessearchesSoftware =>Adware.YesSearches
HKCU\SOFTWARE\ICSW1.17 =>Adware.InstallCore
HKCU\SOFTWARE\ProductSetup =>Adware.InstallCore
HKLM\SOFTWARE\yessearchesSoftware =>Adware.YesSearches
HKCU\SOFTWARE\ICSW1.17 =>Adware.InstallCore
HKCU\SOFTWARE\ProductSetup =>Adware.InstallCore
HKLM\SOFTWARE\eeaUDOiyy
HKCU\SOFTWARE\eeaUDOiyy
O43 - CFD: 05/05/2016 - [] D -- C:\ProgramData\eeaUDOiyy
O43 - CFD: 05/05/2016 - [] D -- C:\Users\pc\AppData\Local\eeaUDOiyy
O43 - CFD: 24/04/2016 - [] D -- C:\ProgramData\desktopfind =>HackTool.WinActivator
O45 - LFCP:[MD5.E6319E2A8FCFB9754EE2DFB5548008E6] 27/08/2016 A -- C:\Windows\Prefetch\WINDOWS LOADER.EXE-6178FC09.pf =>HackTool.WinActivator
O39 - APT: ruyiUpdate - (.????(??)????.) -- C:\Windows\Tasks\ruyiUpdate.job [318] {476AB70C913F23091F0B21B7416C5242}
O39 - APT: ruyiUpdateBackup - (.????(??)????.) -- C:\Windows\Tasks\ruyiUpdateBackup.job [292] {476AB70C913F23091F0B21B7416C5242}
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys
O41 - Driver: (Bnbase) . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - C:\Windows\System32\drivers\bnbasex64.sys
O41 - Driver: (Bndef) . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) - C:\Windows\system32\drivers\bndef64.sys