Script ZHPFix
[MD5.91D0D9B3E3F19234AF68E279AE28D815] - (.Microsoft - service.) -- C:\WINDOWS\system32\service.exe   [37888] [PID.1732]     
[MD5.8E26518D55A3BD473BAFAC5E29B86641] - (.Baidu Inc. - Spark Service.) -- C:\Program Files\baidu\Spark\sparkservice.exe   [83648] [PID.1388]   =>Adware.BDSearch 
[MD5.EB64C90C4066761EA9BBF19E425FEB26] - (.Baidu Inc. - Spark.) -- C:\Program Files\baidu\Spark\Spark.exe   [1464512] [PID.2928]   =>Adware.BDSearch 
M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\fcmdSrch.xml   =>Adware.Facemoods 
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com   =>Adware.Facemoods 
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com   =>Adware.Facemoods 
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0     
O23 - Service: Spark Browser Service (SparkSvc) . (.Baidu Inc. - Spark Service.) - C:\Program Files\baidu\Spark\sparkservice.exe   =>Adware.BDSearch 
[HKCU\Software\Install] 
[HKCU\Software\baidu]   =>Adware.BDSearch 
[HKLM\Software\ZbshaLab] 
O43 - CFD: 19/03/2014 - 23:29:06 - [112,421] ----D C:\Program Files\baidu   =>Adware.BDSearch 
O43 - CFD: 19/03/2014 - 23:18:16 - [4,594] ----D C:\Program Files\GUM30.tmp 
O64 - Services: CurCS - 13/03/2014 - C:\Program Files\baidu\Spark\sparkservice.exe (SparkSvc)  .(.Baidu Inc. - Spark Service.) - LEGACY_SPARKSVC   =>Adware.BDSearch 
O67 - Shell Spawning: <.html> <BDIPCSHTML>[HKCU\..\open\Command] (.Baidu Inc. - Spark.) -- C:\Program Files\baidu\Spark\Spark.exe   =>Adware.BDSearch 
O68 - StartMenuInternet: <Spark> <Spark>[HKLM\..\Shell\open\Command] (.Baidu Inc. - Spark.) -- C:\Program Files\baidu\Spark\Spark.exe   =>Adware.BDSearch 
O68 - StartMenuInternet: <Spark.exe> <>[HKLM\..\Shell\open\Command] (.Baidu Inc. - Spark.) -- C:\Program Files\baidu\Spark\Spark.exe   =>Adware.BDSearch 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.DNSErrUrl", "http://start.facemoods.com/?a=ddrnw&f=5");   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.aflt", "ddrnw");   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.dfltSrch", true);   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search");   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.dnsErr", true);   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.firstRun", true);   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.hmpg", true);   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.hmpgUrl", "http://start.facemoods.com/?a=ddrnw");   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.id", "640e003a0000000000001078d2ea2c87");   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.instlDay", "16148");   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.mntz", "");   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.newTab", true);   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.newTabUrl", "http://start.facemoods.com/?a=ddrnw&f=2");   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.prtnrId", "facemoods.com");   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.searchProviderAdded", true);   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.sid", "bac9b57fe2ef44de90d0dcba3f8b7d2a");   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.tlbrSrchUrl", "http://start.facemoods.com/?a=ddrnw&f=3");   =>Adware.Facemoods 
O69 - SBI: prefs.js [Administrateur - 1eyfrht4.default] user_pref("extensions.facemoods.vrsn", "1.4.17.11");   =>Adware.Facemoods 
O69 - SBI: SearchScopes [HKCU] {0D7562AE-8EF6-416d-A838-AB665251703A} [DefaultScope] - (Facemoods Search) - http://start.facemoods.com   =>Adware.Facemoods 
SR - | Auto 02/03/2014 37888 |  (Service1) . (.Microsoft.) - C:\WINDOWS\system32\service.exe     
SR - | Auto 13/03/2014 83648 |  (SparkSvc) . (.Baidu Inc..) - C:\Program Files\baidu\Spark\sparkservice.exe   =>Adware.BDSearch 
[HKLM\SYSTEM\CurrentControlSet\Services\SparkSvc]   =>Adware.BDSearch^ 
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}]   =>Adware.Facemoods 
[HKLM\Software\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}]   =>Adware.BullseyeToolbar 
[HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}]   =>Adware.Facemoods 
[HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}]   =>Adware.Facemoods 
C:\Program Files\baidu   =>Adware.BDSearch^ 
C:\Program Files\baidu\Spark\sparkservice.exe   =>Adware.BDSearch^ 
C:\Program Files\baidu\Spark\Spark.exe   =>Adware.BDSearch^ 
[HKCU\Software\baidu]   =>Adware.BDSearch^ 

EmptyFlash
EmptyTemp
EmptyClsid
FirewallRaz
Proxyfix
SysRestore