~ ZHPFix v2019.5.2.57 by Nicolas Coolman (2019/05/02)
~ Run by Ducret Jean-Marie (Administrator)  (20/05/2019 20:55:04)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Certificate ZHPFix: Legal
~ State version : Version OK
~ Report : C:\Users\Ducret Jean-Marie\Desktop\ZHPFix.txt
~ Quarantine : HKCU\SOFTWARE\ZHP\ZHPFix\Quarantine\
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)



---\\  SCRIPT DE L'UTILISATEUR.  (63)
Script ZHPFix
EmptyCLSID
Emptytemp
EmptyFlash
UnMaskSoftware: Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
C:\Users\Ducret Jean-Marie\AppData\Roaming\_MDLogs
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
O4 - HKCU\..\Run: [Skype] . (. - .) -- C:\Program Files (x86)\Skype\Phone\Skype.exe (.Not File.)
O4 - HKLM\..\Wow6432Node\Run: [Wondershare Media Server] . (. - .) -- C:\Program Files (x86)\Wondershare\VCU\MediaLibServer.exe (.Not File.)
O4 - HKLM\..\Wow6432Node\Run: [Wondershare Helper Compact.exe] . (. - .) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (.Not File.)
O4 - HKUS\S-1-5-21-232612768-1085688930-333574207-1000\..\Run: [Skype] . (. - .) -- C:\Program Files (x86)\Skype\Phone\Skype.exe (.Not File.)
O2 - BHO: HP Network Check Helper [64Bits] - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} (.Orphan.)
O108 - CMH1: ShellExtension [64Bits] - . (.Orphan.)
O108 - CMH4: ShellExtension [64Bits] - . (.Orphan.)
O108 - CMH7: ShellExtension [64Bits] - . (.Orphan.)
O87 - FAEL: "TCP Query User{197B6437-CA3F-4A83-AD61-C0767D2D0B0F}C:\program files (x86)\wondershare\vcu\mediaserver.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\wondershare\vcu\mediaserver.exe (.not file.)
O87 - FAEL: "UDP Query User{9A48BD97-11B1-4757-A5A7-E7672F25445C}C:\program files (x86)\wondershare\vcu\mediaserver.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\wondershare\vcu\mediaserver.exe (.not file.)
O87 - FAEL: "TCP Query User{2DCBBAD1-4C03-42C4-BF2F-6A542AB22778}C:\program files (x86)\wondershare\vcu\medialibserver.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\wondershare\vcu\medialibserver.exe (.not file.)
O87 - FAEL: "UDP Query User{A13D35B5-F7D7-4584-B5D3-7E9DE66DF931}C:\program files (x86)\wondershare\vcu\medialibserver.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\wondershare\vcu\medialibserver.exe (.not file.)
O87 - FAEL: "TCP Query User{850BB0A5-AC97-4ECC-A17A-748A9D522844}C:\program files (x86)\wondershare\vcu\medialibserver.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\wondershare\vcu\medialibserver.exe (.not file.)
O87 - FAEL: "UDP Query User{87BEBEDC-6221-4C2D-824F-5CC118C11D63}C:\program files (x86)\wondershare\vcu\medialibserver.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\wondershare\vcu\medialibserver.exe (.not file.)
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ShellExtension
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ShellExtension
HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ShellExtension
C:\Users\DUCRET~1\AppData\Local\Temp\tmp-meg.xpi
O23 - Service: Easybits Services for Windows (ezSharedSvc) . (...) - C:\Windows\System32\ezSharedSvcHost.exe (.not file.)
SR - Demand [00/00/0000] [ 0] (catchme) . (...) - C:\Users\DUCRET~1\AppData\Local\Temp\catchme.sys (.not file.)
SR - Auto [00/00/0000] [ 0] Easybits Services for Windows (ezSharedSvc) . (...) - C:\Windows\System32\ezSharedSvcHost.exe (.not file.)
G2 - GCE: Preference [Ducret Jean-Marie][User Data\Default] [flliilndjeohchalpbbcdekjklbdgfkk] Avira Operations GmbH & Co. KG
HKLM\SOFTWARE\WOW6432Node\Avira
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (...) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
HKLM\SOFTWARE\McAfee.com
HKLM\SOFTWARE\mcafeeupdater
HKLM\SOFTWARE\WOW6432Node\McAfee.com
HKLM\SOFTWARE\WOW6432Node\mcafeeupdater
O43 - CFD: 09/03/2017 - [] D -- C:\ProgramData\McAfee
O43 - CFD: 10/12/2012 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\McAfee
O23 - Service: Easybits Services for Windows (ezSharedSvc) . (...) - C:\Windows\System32\ezSharedSvcHost.exe (.not file.)
SR - Auto [00/00/0000] [ 0] Easybits Services for Windows (ezSharedSvc) . (...) - C:\Windows\System32\ezSharedSvcHost.exe (.not file.)
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.2056]
HKLM\SOFTWARE\WOW6432Node\EasyBits
HKCU\SOFTWARE\EasyBits
HKU\S-1-5-21-232612768-1085688930-333574207-1000\SOFTWARE\EasyBits
O43 - CFD: 28/11/2015 - [] D -- C:\Program Files (x86)\EasyBits For Kids
HKCU\SOFTWARE\Bitdefender
HKU\S-1-5-21-232612768-1085688930-333574207-1000\SOFTWARE\Bitdefender
O43 - CFD: 28/08/2014 - [] D -- C:\Users\Ducret Jean-Marie\AppData\Roaming\QuickScan
HKCU\SOFTWARE\ZebHelpProcess Helper
HKU\S-1-5-21-232612768-1085688930-333574207-1000\SOFTWARE\ZebHelpProcess Helper
cmd: ipconfig /flushdns
cmd: netsh winsock reset
cmd: netsh advfirewall reset
cmd: Netsh advfirewall set allprofiles state on




---\\  LOGICIEL.  (0)


---\\  SERVICE.  (2)
ARRETÉ : HKLM\SYSTEM\CurrentControlSet\Services\ezSharedSvc [No File found]
ABSENT Service: ezSharedSvc [No File found]


---\\  TÂCHE PLANIFIÉE.  (0)


---\\  NAVIGATEUR INTERNET.  (1)
SUPPRIMÉ Dossier Chrome: C:\Users\Ducret Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk


---\\  EXPLORATEUR ( Dossiers, Fichiers ).  (24)
SUPPRIMÉ Dossier EmptyCLSID: C:\Users\Ducret Jean-Marie\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
DEPLACÉ Fichier Temp: C:\Users\DUCRET~1\AppData\Local\Temp\AdobeARM.log
DEPLACÉ Fichier Temp: C:\Users\DUCRET~1\AppData\Local\Temp\JavaDeployReg.log
DEPLACÉ Fichier Temp: C:\Users\DUCRET~1\AppData\Local\Temp\jusched.log
SUPPRIMÉ Redémarrage  Fichier Temp^: C:\Users\DUCRET~1\AppData\Local\Temp\logger.log
DEPLACÉ Fichier Temp: C:\Users\DUCRET~1\AppData\Local\Temp\MSI12be0.LOG
DEPLACÉ Fichier Temp: C:\Users\DUCRET~1\AppData\Local\Temp\MSI18e98.LOG
DEPLACÉ Fichier Temp: C:\Users\DUCRET~1\AppData\Local\Temp\MSI24578.LOG
DEPLACÉ Fichier Temp: C:\Users\DUCRET~1\AppData\Local\Temp\MSI2457d.LOG
DEPLACÉ Fichier Temp: C:\Users\DUCRET~1\AppData\Local\Temp\MSI4ce56.LOG
DEPLACÉ Fichier Temp: C:\Users\DUCRET~1\AppData\Local\Temp\MSI4ce5b.LOG
DEPLACÉ Fichier Temp: C:\Users\DUCRET~1\AppData\Local\Temp\MSI66519.LOG
DEPLACÉ Fichier Temp: C:\Users\DUCRET~1\AppData\Local\Temp\MSI6651e.LOG
DEPLACÉ Fichier Temp: C:\Users\DUCRET~1\AppData\Local\Temp\MSIf4c2c.LOG
DEPLACÉ Fichier Temp: C:\Users\DUCRET~1\AppData\Local\Temp\MSIf4c31.LOG
DEPLACÉ Fichier Temp: C:\Users\DUCRET~1\AppData\Local\Temp\nsmail.png
SUPPRIMÉ Redémarrage  Fichier Temp^: C:\Users\DUCRET~1\AppData\Local\Temp\JETB2F9.tmp
SUPPRIMÉ Redémarrage  Fichier Temp^: C:\Users\DUCRET~1\AppData\Local\Temp\~DF64EFB08494947910.TMP
SUPPRIMÉ Redémarrage  Fichier Temp^: C:\Users\DUCRET~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt
SUPPRIMÉ Dossier : C:\Users\Ducret Jean-Marie\AppData\Roaming\_MDLogs
SUPPRIMÉ Dossier : C:\ProgramData\McAfee
SUPPRIMÉ Redémarrage  Dossier ^: C:\Windows\System32\Config\systemprofile\AppData\Roaming\McAfee
SUPPRIMÉ Dossier : C:\Program Files (x86)\EasyBits For Kids
SUPPRIMÉ Dossier : C:\Users\Ducret Jean-Marie\AppData\Roaming\QuickScan


---\\  REGISTRE ( Clés, Valeurs, Données ).  (43)
ABSENT Donnée  Software: 1 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnMaskSoftware: Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden\\SystemComponent]
SUPPRIMÉ Clé: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com [staticimgfarm.com]
SUPPRIMÉ Clé: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com [ak.staticimgfarm.com]
ABSENT Clé: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
ABSENT Clé: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
SUPPRIMÉ Clé: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com [ask.com]
ABSENT Clé: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
SUPPRIMÉ Valeur  Run: Skype [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\]
SUPPRIMÉ Valeur  Run: Wondershare Media Server [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\]
SUPPRIMÉ Valeur  Run: Wondershare Helper Compact.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\]
ABSENT Valeur Run: HKU\S-1-5-21-232612768-1085688930-333574207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files (x86)\Skype\Phone\Skype.exe (.Not File.)]
SUPPRIMÉ Clé BHO: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} [{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
ABSENT Clé BHO: HKLM64\SOFTWARE\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
SUPPRIMÉ Clé CMH: HKLM64\Software\Classes\*\ShellEx\ContextMenuHandlers\ShellExtension [ShellExtension1]
ABSENT Clé CMH: HKLM64\SOFTWARE\Classes\CLSID\ShellExtension [64Bits] -
SUPPRIMÉ Clé CMH: HKLM64\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ShellExtension [ShellExtension4]
SUPPRIMÉ Clé CMH: HKLM64\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\ShellExtension [ShellExtension7]
SUPPRIMÉ Valeur  FirewallRules: TCP Query User{197B6437-CA3F-4A83-AD61-C0767D2D0B0F}C:\program files (x86)\wondershare\vcu\mediaserver.exe [HKLM\SYSTEM\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]
SUPPRIMÉ Valeur  FirewallRules: UDP Query User{9A48BD97-11B1-4757-A5A7-E7672F25445C}C:\program files (x86)\wondershare\vcu\mediaserver.exe [HKLM\SYSTEM\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]
SUPPRIMÉ Valeur  FirewallRules: TCP Query User{2DCBBAD1-4C03-42C4-BF2F-6A542AB22778}C:\program files (x86)\wondershare\vcu\medialibserver.exe [HKLM\SYSTEM\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]
SUPPRIMÉ Valeur  FirewallRules: UDP Query User{A13D35B5-F7D7-4584-B5D3-7E9DE66DF931}C:\program files (x86)\wondershare\vcu\medialibserver.exe [HKLM\SYSTEM\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]
SUPPRIMÉ Valeur  FirewallRules: TCP Query User{850BB0A5-AC97-4ECC-A17A-748A9D522844}C:\program files (x86)\wondershare\vcu\medialibserver.exe [HKLM\SYSTEM\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]
SUPPRIMÉ Valeur  FirewallRules: UDP Query User{87BEBEDC-6221-4C2D-824F-5CC118C11D63}C:\program files (x86)\wondershare\vcu\medialibserver.exe [HKLM\SYSTEM\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]
SUPPRIMÉ Clé: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} [{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
SUPPRIMÉ Clé: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} [{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
SUPPRIMÉ Clé: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} [{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
ABSENT Clé: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ShellExtension
ABSENT Clé: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ShellExtension
ABSENT Clé: HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ShellExtension
ABSENT Clé Service: HKLM\SYSTEM\CurrentControlSet\Services\ezSharedSvc
SUPPRIMÉ Clé Service: HKLM\SYSTEM\CurrentControlSet\Services\catchme [No File found]
SUPPRIMÉ Clé: HKLM\SOFTWARE\WOW6432Node\Avira [Avira]
SUPPRIMÉ Clé: HKLM\SOFTWARE\McAfee.com [McAfee.com]
SUPPRIMÉ Clé: HKLM\SOFTWARE\mcafeeupdater [mcafeeupdater]
SUPPRIMÉ Clé: HKLM\SOFTWARE\WOW6432Node\McAfee.com [McAfee.com]
SUPPRIMÉ Clé: HKLM\SOFTWARE\WOW6432Node\mcafeeupdater [mcafeeupdater]
SUPPRIMÉ Clé: HKLM\SOFTWARE\WOW6432Node\EasyBits [EasyBits]
SUPPRIMÉ Clé: HKCU\SOFTWARE\EasyBits [EasyBits]
ABSENT Clé: HKU\S-1-5-21-232612768-1085688930-333574207-1000\SOFTWARE\EasyBits
SUPPRIMÉ Clé: HKCU\SOFTWARE\Bitdefender [Bitdefender]
ABSENT Clé: HKU\S-1-5-21-232612768-1085688930-333574207-1000\SOFTWARE\Bitdefender
SUPPRIMÉ Clé: HKCU\SOFTWARE\ZebHelpProcess Helper [ZebHelpProcess Helper]
ABSENT Clé: HKU\S-1-5-21-232612768-1085688930-333574207-1000\SOFTWARE\ZebHelpProcess Helper


---\\  COMMANDE.  (7)
~ EmptyCSID: Dossiers CLSID vides supprimés  (1)
~ EmptyTemp: Dossier Local temp partiellement vidé  (18)
~ EmptyFlash: Fichiers Temporaires supprimés. (2)
~ Command spéciale exécutée avec succès: ipconfig /flushdns
~ Command spéciale exécutée avec succès: netsh winsock reset
~ Command spéciale exécutée avec succès: netsh advfirewall reset
~ Command spéciale exécutée avec succès: Netsh advfirewall set allprofiles state on


---\\  NON TRAITÉ.  (1)
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe 

~ Le système a été redémarré.

***** ~ Fin de rapport terminé en 00h01mn15s