

Script ZHPFix
G1 - GCS: Preference [User Data\Default] http://www.searchgol.com =>Hijacker.SearchGol
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
[HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDealsO3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} Clé orpheline
[HKLM\Software\Wow6432Node\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
O43 - CFD: 23/09/2013 - 16:53:53 - [0,851] ----D C:\Program Files (x86)\BonanzaDeals =>Adware.BonanzaDeals
O43 - CFD: 11/09/2012 - 21:20:20 - [1,132] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O69 - SBI: SearchScopes [HKCU] {3B783D08-D28C-43C3-A458-20E9DD26F36A} - (01NET.com Main Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {4B6618AA-55C1-48AE-806F-130FFA9EB15C} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
[MD5.5AA3E89A59E3D556B5F9B6D8D8EE3A82] [SPRF][14/07/2013] (.Somoto Ltd. - Better Installer Cleaner.) -- C:\Users\MariVin's\AppData\Local\Temp\bi_cleaner.exe   [42080]  =>Adware.MegaSearch
[MD5.1BE42EE5E0DFD8B190F889A013CA7D47] [SPRF][10/06/2013] (.DealPly Technologies Ltd. - DealPly.) -- C:\Users\MariVin's\AppData\Local\Temp\dp.exe   [846368]  =>PUP.DealPly
10/06/2013] (.Pas de propriétaire - LyricsPal.) -- C:\Users\MariVin's\AppData\Local\Temp\LyricsPal_1060-8101_v114.exe   [288672]  =>Adware.AddLyrics
[MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][11/04/2013] (.Conduit - SP Usage Sender.) -- C:\Users\MariVin's\AppData\Local\Temp\nsn905A.exe   [110936]  =>Toolbar.Conduit
[MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][11/04/2013] (.Conduit - SP Usage Sender.) -- C:\Users\MariVin's\AppData\Local\Temp\nsn9ABC.exe   [110936]  =>Toolbar.Conduit
[MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][11/04/2013] (.Conduit - SP Usage Sender.) -- C:\Users\MariVin's\AppData\Local\Temp\nss670F.exe   [110936]  =>Toolbar.Conduit
[MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][08/05/2013] (.Conduit - SP Usage Sender.) -- C:\Users\MariVin's\AppData\Local\Temp\nsvB924.exe   [110936]  =>Toolbar.Conduit
[MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][11/04/2013] (.Conduit - SP Usage Sender.) -- C:\Users\MariVin's\AppData\Local\Temp\nsx5222.exe   [110936]  =>Toolbar.Conduit
[MD5.DCE55F9EF42344C20E7D4B858D3712D7] [SPRF][10/06/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\pricepeep_130001_0101.exe   [589768]  =>Adware.PricePeep
[MD5.F4E3DE7B4898E37652F39A06BC9591E3] [SPRF][08/05/2013] (.Conduit - Search Protect by Conduit.) -- C:\Users\MariVin's\AppData\Local\Temp\SecondStepInstaller.exe   [2824352]  =>Toolbar.Conduit
[MD5.AFE843667B8C01E4B0DA1BCB3AE0C1C2] [SPRF][10/04/2013] (.Conduit - Search Protect by conduit.) -- C:\Users\MariVin's\AppData\Local\Temp\SPStub.exe   [70192]  =>Toolbar.Conduit
[MD5.85D4AB0939E2D92F4087772C16909BB5] [SPRF][10/04/2013] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\MariVin's\AppData\Local\Temp\tb01NE.dll   [5071648]  =>Toolbar.Conduit
[MD5.943F313974A830D4634C73BEB8103F5E] [SPRF][10/04/2013] (.Conduit Ltd. - ToolbarHelper Application.) -- C:\Users\MariVin's\AppData\Local\Temp\ToolbarHelper.exe   [86816]  =>Toolbar.Conduit
[MD5.3C74C26999F2060BC6302448F173A342] [SPRF][28/08/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\MariVin's\AppData\Local\Temp\uninst1.exe   [340464]  =>Toolbar.Babylon
[MD5.7810AB1CF04E012469C141ABC693D3A7] [SPRF][10/06/2013] (.Somoto Ltd. - FilesFrog Update Checker.) -- C:\Users\MariVin's\AppData\Local\Temp\UpdateCheckerSetup.exe   [295440]  =>Adware.MegaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}]   =>Adware.GamePlayLabs
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6533F74-218B-41BE-9D91-5BD471FECFFD}]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\SweetIM]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>PUP.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}]   =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC]   =>Adware.Boxore^
C:\Program Files (x86)\BonanzaDeals   =>Adware.BonanzaDeals^
C:\ProgramData\InstallMate   =>PUP.Tarma^
C:\ProgramData\Software   =>Adware.Boxore
C:\Users\MariVin's\AppData\Local\Software   =>Adware.Boxore
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe   =>Toolbar.Conduit^
[HKCU\Software\BonanzaDealsLive]   =>Adware.BonanzaDeals^
[HKCU\Software\ForumerIT]   =>Toolbar.Forumer^
[HKLM\Software\Wow6432Node\BonanzaDealsLive]   =>Adware.BonanzaDeals^
C:\Users\MariVin's\AppData\Local\Temp\bi_cleaner.exe   =>Adware.MegaSearch^
C:\Users\MariVin's\AppData\Local\Temp\dp.exe   =>PUP.DealPly^
C:\Users\MariVin's\AppData\Local\Temp\LyricsPal_1060-8101_v114.exe   =>Adware.AddLyrics^
C:\Users\MariVin's\AppData\Local\Temp\nsn905A.exe   =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\nsn9ABC.exe   =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\nss670F.exe   =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\nsvB924.exe   =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\nsx5222.exe   =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\pricepeep_130001_0101.exe   =>Adware.PricePeep^
C:\Users\MariVin's\AppData\Local\Temp\SecondStepInstaller.exe   =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\SPStub.exe   =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\tb01NE.dll   =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\ToolbarHelper.exe   =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\uninst1.exe   =>Toolbar.Babylon^
C:\Users\MariVin's\AppData\Local\Temp\UpdateCheckerSetup.exe   =>Adware.MegaSearch^
C:\Users\MariVin's\AppData\Local\Temp\Vid-SaverUninstaller_1373827396.log  =>Adware.VidSaver
FirewallRaz
EmptyFlash
Emptytemp