Script ZHPFix
O4 - HKCU\..\Run: [T3ZAPRJD7M] C:\Program Files (x86)\DPower\0IOVTX584J.exe (.not file.)
O4 - HKUS\S-1-5-21-3962852418-1576894202-1919392729-1000\..\Run: [T3ZAPRJD7M] C:\Program Files (x86)\DPower\0IOVTX584J.exe (.not file.)
[MD5.00000000000000000000000000000000] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 341.4.) -- C:\Windows\system32\nvvsvc.exe [0] [PID.904]  =>.NVIDIA Corporation
[MD5.00000000000000000000000000000000] - (.Hewlett-Packard Company - HpService.) -- C:\Windows\system32\Hpservice.exe [0] [PID.1432]  =>.Hewlett-Packard Company
[MD5.00000000000000000000000000000000] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 341.4.) -- C:\Windows\system32\nvvsvc.exe [0] [PID.1612]  =>.NVIDIA Corporation
[MD5.01B1E0F46CA45319742F87D566FD7EEB] - (...) -- C:\Windows\Temp\gA9E6.tmp.exe [240640] [PID.1708]  =>Heuristic.Suspect
O23 - Service: Grerzuied (Grerzuied) . (...) - C:\Program Files (x86)\Drenackghowedom\BoforyMng.dll  =>Adware.Suspect
SR - Auto   [24/01/2017] [  147968]  Grerzuied (Grerzuied) . (...) - C:\Program Files (x86)\Drenackghowedom\BoforyMng.dll  =>Adware.Suspect
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbrhojyn9_5edl7qppmxkgsthc4wmtib36rvexixyhefeszb4osdiz8rniotapywifpwa8kizpfmmjk5eiys6fzl_psbtfkq1rxa0fbbjf3shyxblfyftyw9e3tj6bewxtssmiuy6mghzweqvu-rczmkhesriihxftulage-loup0cpytltp8zzdhxnlq,,&q={searchterms}  =>.Superfluous.Linkury
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbrhojyn9_5edl7qppmxkgsthc4wmtib36rvexixyhefeszb4osdiz8rniotapywifpwa8kizpfmmjk5eiys6fzl_psbtfkq1rxa0fbbjf3shyxblfyftyw9e3tj6bewxtssmiuy6mghzweqvu-rczmkhesriihxftulage-loup0cpytltp8zzdhxnlq,,&q={searchterms}  =>.Superfluous.Linkury
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbrhojyn9_5edl7qppmxkgsthc4wmtib36rvexixyhefeszb4osdiz8rniotapywifpwa8kizpfmmjk5eiys6fzl_psbtfkq1rxa0fbbjf3shyxblfyftyw9e3tj6bewxtssmiuy6mghzweqvu-rczmkhesriihxftulage-loup0cpytltp8zzdhxnlq,,&q={searchterms}  =>.Superfluous.Linkury
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbrhojyn9_5edl7qppmxkgsthc4wmtib36rvexixyhefeszb4osdiz8rniotapywifpwa8kizpfmmjk5eiys6fzl_psbtfkq1rxa0fbbjf3shyxblfyftyw9e3tj6bewxtssmiuy6mghzweqvu-rczmkhesriihxftulage-loup0cpytltp8zzdhxnlq,,&q={searchterms}  =>.Superfluous.Linkury
R1 - HKEY_USERS\S-1-5-21-3962852418-1576894202-1919392729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbrhojyn9_5edl7qppmxkgsthc4wmtib36rvexixyhefeszb4osdiz8rniotapywifpwa8kizpfmmjk5eiys6fzl_psbtfkq1rxa0fbbjf3shyxblfyftyw9e3tj6bewxtssmiuy6mghzweqvu-rczmkhesriihxftulage-loup0cpytltp8zzdhxnlq,,&q={searchterms}  =>.Superfluous.Linkury
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan  =>.Microsoft Internet Explorer
HKLM\SOFTWARE\Wow6432Node\A261A9199A40C59ACDD8897F67C75A23  =>PUP.Optional.CrossRider
HKLM\SYSTEM\CurrentControlSet\Services\Grerzuied  =>Adware.Suspect
HKLM\SOFTWARE\Wow6432Node\McAfee.com  =>.McAfee Inc
HKCU\SOFTWARE\Norton  =>.Norton
O43 - CFD: 24/01/2017 - [] D -- C:\ProgramData\AVAST Software  =>.AVAST Software
O43 - CFD: 24/01/2017 - [] D -- C:\ProgramData\Avg  =>.AVG Software
O43 - CFD: 24/01/2017 - [] D -- C:\ProgramData\Avira  =>.Avira Software
O43 - CFD: 23/08/2015 - [] D -- C:\ProgramData\McAfee  =>.McAfee
O43 - CFD: 29/07/2013 - [] D -- C:\ProgramData\Norton  =>.Norton
O43 - CFD: 29/07/2013 - [] D -- C:\ProgramData\NortonInstaller  =>.Symantec
O46 - SEH:ShellExecuteHooks - EasyBits Security Shield Hook - prevents launching insecure programs by kids - [HKLM] [64Bits] - {E54729E8-643D-4270-9D49-7389EA579090} . (...) --  (.not file.)
O46 - SEH:ShellExecuteHooks - (no name) - [HKLM] [64Bits] - {17FEF462-DE3D-11E6-96EE-64006A5CFC23} . (...) --  (.not file.)
O58 - SDL:2017/01/27 11:00:31 A . (.Auteurs - .) -- C:\Windows\System32\drivers\NetUtils2016.sys   [909944]  =>.Superfluous.HDWallPaper
O87 - FAEL: "TCP Query User{B356E301-E63F-4191-B33E-000E773881CC}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe (.not file.)
O87 - FAEL: "UDP Query User{A0E3078E-C422-40F4-82CD-2A222C253B0D}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe (.not file.)
O87 - FAEL: "{D3B6237C-6175-4E16-A551-DC9E7B043DA4}" [In-None-P17-TRUE] .(...) -- C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe (.not file.)
O87 - FAEL: "{F4E98A06-1DEF-450F-A520-EB0DDD10D4E9}" [Out-None-P17-TRUE] .(...) -- C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe (.not file.)
C:\Program Files (x86)\Drenackghowedom\BoforyMng.dll  =>Adware.Suspect
C:\Windows\Temp\gA9E6.tmp.exe  =>Heuristic.Suspect
FirewallRaz 
EmptyPrefetch 
EmptyTemp 
EmptyFlash