Script ZHPFix 
FirewallRaz 
EmptyPrefetch 
EmptyTemp

O43 - CFD: 28/04/2017 - [] D -- C:\Program Files\0f88ispz =>.Superfluous.Elex 
O43 - CFD: 27/04/2017 - [] D -- C:\Users\kapro\AppData\Roaming\6682234 
O43 - CFD: 27/04/2017 - [0] D -- C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A} 
O87 - FAEL: "{AF55726B-9B9E-41D8-BF65-E79776827A9A}" [In-None-P6-TRUE] .(...) -- C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe (.not file.) =>.Superfluous.AdvanceSystemCare 
O87 - FAEL: "{A8047ACE-4136-451B-BE61-72AEF4E77124}" [Out-None-P6-TRUE] .(...) -- C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe (.not file.) =>.Superfluous.AdvanceSystemCare 
C:\Program Files\0f88ispz =>.Superfluous.Elex 
[HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]:{AF55726B-9B9E-41D8-BF65-E79776827A9A} =>.Superfluous.AdvanceSystemCare 
[HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]:{A8047ACE-4136-451B-BE61-72AEF4E77124} =>.Superfluous.AdvanceSystemCare 
O23 - Service: KMS-R@1n (KMS-R@1n) . (...) - C:\Windows\KMS-R@1n.exe =>HackTool.WinActivator 
SR - Auto [27/04/2017] [ 23040] KMS-R@1n (KMS-R@1n) . (...) - C:\Windows\KMS-R@1n.exe =>HackTool.WinActivator 
[MD5.45CC0A256BED89A997725A6B264CC3EC] - (...) -- C:\Windows\KMS-R@1n.exe [23040] [PID.2188] =>HackTool.WinActivator 
G0 - GCSP: Preferences [User Data\Default][HomePage] http://77mleq3.club 
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ontarian.club 
G0 - GCSP: Preferences [User Data\Default][HomePage] http://easylist-downloads.adblockplus.org 
G0 - GCSP: Preferences [User Data\Default][HomePage] http://notification.adblockplus.org 
G0 - GCSP: Preferences [User Data\Default][HomePage] http://uib.ff.avast.com =>.Avast Software s.r.o 
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.facebook.com =>.Facebook 
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm 
O87 - FAEL: "{2DFA83A4-0725-4A43-9A3F-E218862169CC}" [In-None-P6-TRUE] .(...) -- C:\Windows\KMS-R@1n.exe =>HackTool.WinActivator 
O87 - FAEL: "{B8FEEFDE-1D6A-45E0-A461-AE69FD1E845C}" [Out-None-P6-TRUE] .(...) -- C:\Windows\KMS-R@1n.exe =>HackTool.WinActivator 
HKLM\SYSTEM\CurrentControlSet\Services\KMS-R@1n =>HackTool.WinActivator 
C:\Windows\KMS-R@1n.exe =>HackTool.WinActivator 
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.oursurfing.com/ =>PUP.Optional.OurSurfing
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer 
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.initialsite123.com/ =>Hijacker.Browser
HKLM\SOFTWARE\0896B71DDCF9A7C42BA835B85BF78EDC =>Adware.CrossRider 
HKCU\SOFTWARE\0896B71DDCF9A7C42BA835B85BF78EDC =>Adware.CrossRider 
HKLM\SOFTWARE\CLSID =>.Unknow 
HKLM\SOFTWARE\coazering.exe 
[MD5.6BF3B86782B7911B76029737162AE206] [APT] [Baidu LiveUpdate] (.Baidu, Inc..) -- C:\Program Files\Baidu WiFiHotspot\liveupdate.exe [497632] (.Activate.) =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® 
O39 - APT: Baidu LiveUpdate - (.Baidu, Inc..) -- C:\Windows\System32\Tasks\Baidu LiveUpdate [3172] =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® 
O4 - GS\Desktop [Administrateur]: Baidu WiFi Hotspot.lnk . (.Baidu, Inc. - Baidu Wifi Sharing.) C:\Program Files\Baidu WiFiHotspot\WifiHotspot.exe -shortcut =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® 
O4 - GS\Desktop [kapro]: Baidu WiFi Hotspot.lnk . (.Baidu, Inc. - Baidu Wifi Sharing.) C:\Program Files\Baidu WiFiHotspot\WifiHotspot.exe -shortcut =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® 
O42 - Logiciel: Baidu WiFi Hotspot - (.Baidu, Inc..) [HKLM] -- Baidu WiFi Hotspot =>.Baidu, Inc. 
HKLM\SOFTWARE\Baidu_Drp_pos =>.Baidu Technology 
HKCU\SOFTWARE\Baidu Security =>.Baidu Technology 
HKCU\SOFTWARE\Baidu WiFiHotspot 
O43 - CFD: 29/04/2017 - [] D -- C:\Program Files\Baidu WiFiHotspot =>.Baidu Online Network Technology (Beijing)Co., Ltd® 
O43 - CFD: 29/04/2017 - [] D -- C:\Program Files\MSA86E.tmp =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® 
O43 - CFD: 29/04/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu WiFi Hotspot 
O43 - CFD: 27/04/2017 - [] D -- C:\Users\kapro\AppData\Roaming\Baidu =>.Baidu 
O46 - SEH:ShellExecuteHooks - (no name) - [HKLM] - {2A0EC692-2680-11E7-8B19-64006A5CFC23} . (...) -- (.not file.) 
O87 - FAEL: "{DDA899DB-F55E-49B0-9F0C-D239E0A153AB}" [In-None-P6-TRUE] .(...) -- C:\Program Files\MIO\loader\wdcxwd3200bekt-60v5t1_wd-wxd1a400627406274.dat (.not file.) 
O87 - FAEL: "{447E6293-21BE-42C3-B847-6A6241B9ED0D}" [In-None-P17-TRUE] .(...) -- C:\Program Files\MIO\loader\wdcxwd3200bekt-60v5t1_wd-wxd1a400627406274.dat (.not file.) 
O87 - FAEL: "{8DB2C646-3F9A-473A-ADF2-BCE19EB53F10}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Everness\Application\chrome.exe (.not file.) 
O87 - FAEL: "{845D2FC1-50B4-451B-B8C5-1F6FFCEE9F26}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Firefox\Firefox.exe (.not file.)