Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
O23 - Service: ByteFence Anti-Malware Service (ByteFenceService) . (.Byte Technologies LLC - ByteFence Anti-Malware.) - C:\Program Files\ByteFence\ByteFenceService.exe =>.Superfluous.ByteFence =>.Superfluous.ByteFence
O23 - Service: ByteFence Security Real-time Protection (rtop) . (.Copyright Byte Technologies LLC. - ByteFence Real-time Protection.) - C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe =>.Superfluous.ByteFence =>.Superfluous.ByteFence
SR - Auto [22/03/2017] [ 144864] ByteFence Anti-Malware Service (ByteFenceService) . (.Byte Technologies LLC.) - C:\Program Files\ByteFence\ByteFenceService.exe =>.Superfluous.ByteFence =>.Superfluous.ByteFence
SR - Auto [30/03/2017] [ 304456] ByteFence Security Real-time Protection (rtop) . (.Copyright Byte Technologies LLC..) - C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe =>.Superfluous.ByteFence =>.Superfluous.ByteFence
[MD5.9941706081CA1445DD8E2B441AB6BB0A] [APT] [ByteFence] (.Byte Technologies LLC.) -- C:\Program Files\ByteFence\ByteFence.exe [3534816] (.Activate.) =>.Superfluous.ByteFence
[MD5.9941706081CA1445DD8E2B441AB6BB0A] [APT] [ByteFence Scan] (.Byte Technologies LLC.) -- C:\Program Files\ByteFence\ByteFence.exe [3534816] (.Activate.) =>.Superfluous.ByteFence
[MD5.00000000000000000000000000000000] [APT] [{486742D8-8B0F-4E4D-85E9-4D1B03D791D2}] (...) -- D:\ClicknConnect.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
[MD5.00000000000000000000000000000000] [APT] [{8AE06FD7-EDE8-4294-9B2A-8F6B09FC31B4}] (...) -- E:\sp57965.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
O39 - APT: ByteFence - (.Byte Technologies LLC.) -- C:\Windows\System32\Tasks\ByteFence [3388] =>.Superfluous.ByteFence
O39 - APT: ByteFence Scan - (.Byte Technologies LLC.) -- C:\Windows\System32\Tasks\ByteFence Scan [3484] =>.Superfluous.ByteFence
O39 - APT: {486742D8-8B0F-4E4D-85E9-4D1B03D791D2} - (...) -- C:\Windows\System32\Tasks\{486742D8-8B0F-4E4D-85E9-4D1B03D791D2} [3056] (.Orphan.) =>.Superfluous.Orphan
O39 - APT: {8AE06FD7-EDE8-4294-9B2A-8F6B09FC31B4} - (...) -- C:\Windows\System32\Tasks\{8AE06FD7-EDE8-4294-9B2A-8F6B09FC31B4} [3044] (.Orphan.) =>.Superfluous.Orphan
O4 - HKLM\..\Run: [VEFLSQM] . (...) -- C:\Users\Bouchra\AppData\Local\Temp\VEFLSQM
O4 - HKCU\..\Run: [SysinfY2X] C/c start wscript
O4 - HKCU\..\Run: [VEFLSQM] . (...) -- C:\Users\Bouchra\AppData\Local\Temp\VEFLSQM
O4 - HKUS\S-1-5-21-4162035530-3655062904-1175661507-1000\..\Run: [SysinfY2X] C/c start wscript
O4 - HKUS\S-1-5-21-4162035530-3655062904-1175661507-1000\..\Run: [VEFLSQM] . (...) -- C:\Users\Bouchra\AppData\Local\Temp\VEFLSQM
[MD5.0AE8007FB978B50F094E7DDA9EBA6459] - (.Byte Technologies LLC - ByteFence Anti-Malware.) -- C:\Program Files\ByteFence\ByteFenceService.exe [144864] [PID.2176] =>.Superfluous.ByteFence
[MD5.A8FBDF79F7BFF18AC1E55D41EE6A5030] - (.Copyright Byte Technologies LLC. - ByteFence Real-time Protection.) -- C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456] [PID.3296] =>.Superfluous.ByteFence
[MD5.A0270CE04D72C81E9D719D495604D4C9] - (.Copyright Byte Technologies LLC. - ByteFence Real-time Protection.) -- C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe [619848] [PID.3416] =>.Superfluous.ByteFence
P2 - EXT FILE: (.\u0421\u043E\u0432\u0435\u0442\u043D\u - \u041d\u0435 \u0442\u0440\u0430\u0442\.) -- C:\Users\Bouchra\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\sovetnik@metabar.ru.xpi
P2 - EXT FILE: (.Визуальные закладки - Визуальные закладки – это страница, на.) -- C:\Users\Bouchra\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\vb@yandex.ru.xpi
P2 - EXT FILE: (.Кампанент Элементы Яндекса - Хуткі доступ да ўсіх магчымасцяў Яндек.) -- C:\Users\Bouchra\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru.xpi
P2 - EXT FILE: (.Yahoo® - Yahoo Search.) -- C:\Users\Bouchra\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yahoo-lavasoft.xml =>.Yahoo®
P2 - EXT: (.http://www.cacaoweb.org/ - cacaoweb.) -- C:\Users\Bouchra\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\cacaoweb@cacaoweb.org =>.Superfluous.CacaoWeb
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en-maktoob.yahoo.com/ =>.Yahoo! Inc.
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKEY_USERS\S-1-5-21-4162035530-3655062904-1175661507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/ =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
O3 - Toolbar: Movies Toolbar (Dist. by Bandoo Media, Inc.) - [HKLM]{2977d8cc-8902-4340-be88-2c676bf96b8d} . (...) -- (.not file.) =>PUP.Optional.MoviesToolbar
O4 - GS\Programs [Administrateur]: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) C:\Users\Bouchra\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O17 - HKLM\System\CCS\Services\Tcpip\..\{15C40ECA-6D4F-42A1-B66B-4AD7D860E750}: NameServer = 41.214.140.4 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DC9703D-F4CF-4411-8873-4362283E9258}: NameServer = 41.214.140.5 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A05F9B7-2534-4889-A03C-52C84825B4CD}: NameServer = 41.214.140.4 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{47DF386F-0D48-4A1C-8A03-812EC0F60429}: NameServer = 81.192.21.81 212.217.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6677CC67-0AF2-49CB-AF2D-1742CD1A1A51}: NameServer = 192.168.50.58 192.168.60.55 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BFF9189-941C-4FD3-90D0-9AE45337820E}: NameServer = 41.214.140.5 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CC42914-3FD8-4201-B86A-BB958C884BBB}: NameServer = 41.214.140.4 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{747F64EF-93FC-457C-9974-C8D172825296}: NameServer = 41.214.140.5 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{905CF6CF-8E69-4DCB-81EC-122D20DA58E6}: NameServer = 41.214.140.4 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{93043BFE-E291-49A1-A0F8-CA27CDE02B73}: NameServer = 41.214.140.5 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3CCEA91-4D87-4D2C-9C01-11FC1AC37B42}: NameServer = 41.214.140.5 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{A42E077D-531E-48E3-9E31-EA12CA7F9CB0}: NameServer = 41.214.140.4 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8ED65C6-D9D1-44BA-9311-BDCE3DF6B0A1}: NameServer = 41.214.140.5 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{C49996D1-26A0-46D4-AF06-9D95E3EC8DA3}: NameServer = 41.214.140.5 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{C52D372A-2636-450E-8DB4-0322ACE79110}: NameServer = 41.214.140.5 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE9C248C-1F04-4E35-BBAE-95D3B229D1EC}: NameServer = 41.214.140.4 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF1C4D9F-4F6A-4695-9D15-CA99595DB7ED}: NameServer = 41.214.140.4 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{D04BB29B-B85F-42AE-BBB3-816CFC492595}: NameServer = 192.168.50.58 192.168.60.55 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{D13ABE3E-8B77-429D-9E99-49419BE3E797}: NameServer = 41.214.140.5 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4BE7E82-3694-4386-8194-D19C2E84188B}: NameServer = 41.214.140.4 8.8.8.8 =>.Google Inc
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB95FD11-50F9-47E2-8B25-1A169A1083D4}: NameServer = 192.168.50.58 192.168.60.55 =>.Local IP Adress
HKLM\SOFTWARE\Wow6432Node\ByteFence =>.Superfluous.ByteFence
HKLM\SOFTWARE\Wow6432Node\SweetIM =>PUP.Optional.SweetIM
HKLM\SOFTWARE\Wow6432Node\Torch =>.Superfluous.Torch
HKCU\SOFTWARE\ByteFence =>.Superfluous.ByteFence
HKCU\SOFTWARE\cacaoweb =>.Superfluous.CacaoWeb
HKLM\SOFTWARE\Wow6432Node\Vittalia =>PUP.Optional.Vittalia
HKCU\SOFTWARE\csastats =>Adware.InstallCore
HKCU\SOFTWARE\ilivid =>Adware.Bandoo
HKCU\SOFTWARE\Magicbit =>.Superfluous.Magicbit
HKCU\SOFTWARE\ProductSetup =>Adware.InstallCore
HKCU\SOFTWARE\应用程序向导生成的本地应用程序
HKCU\SOFTWARE\Torch =>.Superfluous.Torch
O43 - CFD: 08/04/2017 - [] D -- C:\Program Files\ByteFence =>.Superfluous.ByteFence
O43 - CFD: 30/03/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware =>.Superfluous.ByteFence
O43 - CFD: 30/03/2017 - [] D -- C:\ProgramData\ByteFence =>.Superfluous.ByteFence
O43 - CFD: 23/03/2017 - [] D -- C:\ProgramData\Goodgame Empire =>.Superfluous.GoodGameEmpire
O43 - CFD: 13/07/2016 - [] D -- C:\Users\Bouchra\AppData\Roaming\cacaoweb =>.Superfluous.CacaoWeb
O43 - CFD: 02/03/2014 - [0] D -- C:\Users\Bouchra\AppData\Local\genienext =>PUP.Optional.NextLive
O43 - CFD: 20/05/2014 - [] D -- C:\Users\Bouchra\AppData\Local\iLivid =>Adware.Bandoo
O43 - CFD: 03/07/2014 - [] D -- C:\Users\Bouchra\AppData\Local\Torch =>.Superfluous.Torch
O43 - CFD: 15/10/2016 - [0] D -- C:\Users\Bouchra\AppData\Local\{0F376500-DFBE-47DE-A1F0-B86761A82BF2} =>.Superfluous.Empty
O43 - CFD: 15/10/2016 - [0] D -- C:\Users\Bouchra\AppData\Local\{C1C46F64-CDA0-44F3-B198-D652F918E413} =>.Superfluous.Empty
O69 - SBI: prefs.js [Bouchra - nahd6ha2.default] user_pref("extensions.xpiState", "{\"app-profile\":{\"cacaoweb@cacaoweb.org\":{\"d\":\"C:\\\\Users\\\\Bouchra\\\\AppData\\\\Roamin[...] =>.Superfluous.CacaoWeb
O69 - SBI: SearchScopes [HKCU] C34E1F4EDCB1F388500E97C91129EE6E - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Яндекс) - http://yandex.ru/
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Ask.com) - http://dts.search.ask.com/ =>Adware.Bandoo
O69 - SBI: SearchScopes [HKCU] {C0C3A6C6-03BC-4195-8FCB-AEA091301353} - (Yahoo!) - http://search.yahoo.com/ =>.Yahoo! Inc.
O69 - SBI: SearchScopes [HKLM] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Ask.com) - http://dts.search.ask.com/ =>Adware.Bandoo
[MD5.] [WIS][2013/12/29 22:54:57] (.SweetIM Technologies Ltd. - InstallShield® 2008 - Professional Edition.) -- C:\Windows\Installer\ad3064.msi [2732544] =>PUP.Optional.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSecretSauce_RASAPI32 =>PUP.Optional.SecretSauce
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSecretSauce_RASMANCS =>PUP.Optional.SecretSauce
HKLM64\SOFTWARE\Microsoft\Tracing\PutLockerDownloader_RASAPI32 =>PUP.Optional.PutLocker
HKLM64\SOFTWARE\Microsoft\Tracing\PutLockerDownloader_RASMANCS =>PUP.Optional.PutLocker