---------- | AdsFix | g3n-h@ckm@n | V4_29.04.17.1
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits
----- Start 21:54:18 - 29/04/2017
Mis a jour le : 29/04/2017 | 08.10 (GMT) par g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\Jean-Marie\Desktop\adsfix_4_29.04.17.1.exe
Boot: Normal boot
[Jean-Marie (Administrator)] - [LFSULTRA-WIDEN] - (France [040C])
SID = S-1-5-21-1766228302-1366166313-1596766668-1001 || [4a65616e2d4d61726965205e5e]
PC : Hewlett-Packard - 2AE3 - D2J52EA#ABF
Processor : X64 - 1397 - AMD E1-1200 APU with Radeon(tm) HD Graphics
Bios : AMI - 01/25/2013 - V.8.17
CoreTemp : ? C
CPU #1 value:100 %
CPU #2 value:100 %
Total Overall CPU Usage value:100 %
Systeme : Windows 10 Home (64 bits) Core
Memoire RAM = Total (MB) : 3748 | Libre (MB) : 310
Pagefile = Total (MB) : 6346 | Libre (MB) : 2577
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3876
A:\ -> [Removable] | [FOLD-IT SAR] | Total : 14.91 Go | Free : 3.5 Go -> FAT32 [USB]
C:\ -> [Fixed] | [OS] | Total : 930.6 Go | Free : 741.99 Go -> NTFS [SATA]
D:\ -> [Removable] | [MEMTEST86] | Total : 0.05 Go | Free : 0.04 Go -> FAT [USB]
E:\ -> [Fixed] | [zalman ZM- VE350] | Total : 931.06 Go | Free : 412.77 Go -> NTFS [USB]
F:\ -> [CDROM] | [EOTSQXMH] | Total : 0.42 Go | Free : 0 Go -> CDFS [SATA]
G:\ -> [Removable] | [FRAMA SALIX] | Total : 28.78 Go | Free : 1.55 Go -> FAT32 [USB]
H:\ -> [Removable] | [CLONEZILLA] | Total : 7.24 Go | Free : 0.07 Go -> FAT32 [USB]
I:\ -> [Removable] | [] | Total : 0.1 Go | Free : 0.09 Go -> FAT [USB]
K:\ -> [Removable] | [EMTECH YUMI] | Total : 57.68 Go | Free : 5.46 Go -> FAT32 [USB]
L:\ -> [Fixed] | [events 11-16 fev 2017] | Total : 465.76 Go | Free : 333.76 Go -> NTFS [USB]
M:\ -> [Removable] | [wintobootic] | Total : 119.5 Go | Free : 98.71 Go -> NTFS [USB]
N:\ -> [Removable] | [STYLO ESPIO] | Total : 3.7 Go | Free : 1.5 Go -> FAT32 [USB]
Q:\ -> [Removable] | [montre espi] | Total : 7.32 Go | Free : 0.28 Go -> FAT32 [USB]
S:\ -> [Removable] | [YUMI SARDU] | Total : 14.31 Go | Free : 0 Go -> FAT32 [USB]
T:\ -> [Removable] | [PARTED MAGI] | Total : 15 Go | Free : 0.01 Go -> FAT32 [USB]
V:\ -> [Removable] | [sandisk con] | Total : 119.06 Go | Free : 26.04 Go -> exFAT [USB]
W:\ -> [Removable] | [FRAMA ASSO] | Total : 2.92 Go | Free : 0.09 Go -> FAT32 [USB]
X:\ -> [Removable] | [] | Total : 183.3 Go | Free : 15.06 Go -> exFAT [USB]
Y:\ -> [Removable] | [WINTOBOOTIC] | Total : 57.91 Go | Free : 43.01 Go -> NTFS [USB]
Sauvegarde du registre , pour restaurer : Cliquer sur Options & Restaurer le registre (C:\AdsFix\Save\Registry [29.04.2017 @ 21_53_54]) ou un element
Restauration de fichiers ou dossiers supprimes par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Selectionner un element >> "Restaurer"
---------- | Mises a jour Windows
Windows Is Activated
---------- | Navigateurs
IE : 11.0.15063.0 (© Microsoft Corporation. Tous droits réservés.)
GC : 58.0.3029.81 (Copyright 2016 Google Inc. All rights reserved.)
MS-Edge : 11.0.15063.250 (© Microsoft Corporation. All rights reserved.)
---------- | Security (atcav : 3)
AV : Windows Defender Enabled
AS : Windows Defender Enabled
FW : adaware firewall Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = non en cours
AS: Windows Defender [Auto(2)] = en cours
FW: Windows FireWall Service [Auto(2)] = en cours
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = en cours
---------- | FlashPlayer
ActiveX : 25.0.0.148
---------- | Processus tues
952 | [Owner : UMFD-0 |Parent : 684(wininit.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.138) = C:\Windows\System32\fontdrvhost.exe
960 | [Owner : UMFD-1 |Parent : 800(winlogon.exe)] - (.Microsoft Corporation - Usermode Font Driver Host.)
- (10.0.15063.138) = C:\Windows\System32\fontdrvhost.exe 1548 | [Owner : SERVICE LOCAL |Parent : 1188(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe 1464 | [Owner : Système |Parent : 772(services.exe)] - (.IObit - Advanced SystemCare Service.) - (10.0.2.83) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe 2096 | [Owner : SERVICE LOCAL |Parent : 1188(svchost.exe)] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe 3436 | [Owner : Système |Parent : 772(services.exe)] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe 3656 | [Owner : Système |Parent : 772(services.exe)] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.0) = C:\Windows\System32\spoolsv.exe 4168 | [Owner : Système |Parent : 772(services.exe)] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe 4212 | [Owner : Système |Parent : 772(services.exe)] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.0) = C:\Windows\System32\SecurityHealthService.exe 4304 | [Owner : Système |Parent : 772(services.exe)] - (.Microsoft Corporation - SQL Server VSS Writer - 64 Bit.) - (2015.130.1601.5) = C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 5200 | [Owner : MSSQL$ADK |Parent : 772(services.exe)] - (.Microsoft Corporation - SQL Server Windows NT.) - (2011.110.5388.0) = C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\sqlservr.exe 5600 | [Owner : SERVICE LOCAL |Parent : 3152(svchost.exe)] - (.Microsoft Corporation - Device Association Framework Provider Host.) 
- (10.0.15063.0) = C:\Windows\System32\dasHost.exe 7068 | [Owner : Jean-Marie |Parent : 772(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 5288 | [Owner : Jean-Marie |Parent : 772(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 3228 | [Owner : Jean-Marie |Parent : 2088(svchost.exe)] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe 5620 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe 3480 | [Owner : Système |Parent : 772(services.exe)] - (.Disc Soft Ltd - Disc Soft Bus Service Pro.) - (8.0.0.634) = C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe 7924 | [Owner : Jean-Marie |Parent : 772(services.exe)] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 8100 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corporation - Application Frame Host.) - (10.0.15063.0) = C:\Windows\System32\ApplicationFrameHost.exe 4748 | [Owner : Jean-Marie |Parent : 2088(svchost.exe)] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe 5960 | [Owner : Système |Parent : 772(services.exe)] - (.www.shadowexplorer.com - ShadowExplorer.) - (0.9.462.0) = C:\Program Files (x86)\ShadowExplorer\sesvc.exe 4440 | [Owner : Système |Parent : 772(services.exe)] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.7967.1320) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe 7860 | [Owner : Système |Parent : 772(services.exe)] - (.CompuClever Systems Inc. - CompuClever Management Service.) 
- (2.3.3.55) = C:\Users\Jean-Marie\AppData\Local\CompuClever\Program Management Console\ccmanagementservice.exe 1092 | [Owner : Système |Parent : 772(services.exe)] - (.Disc Soft Ltd - Disc Soft Bus Service Lite.) - (10.5.0.220) = C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe 2420 | [Owner : Jean-Marie |Parent : 12240()] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe 8108 | [Owner : Jean-Marie |Parent : 12240()] - (.Microsoft Corp. - Bing Desktop Application.) - (1.4.167.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe 2760 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corp. - BDExtHost.exe.) - (1.4.167.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe 9188 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corp. - BDAppHost.exe.) - (1.4.167.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe 11852 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corp. - BDRuntimeHost.exe.) - (1.4.167.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe 6940 | [Owner : Jean-Marie |Parent : 976()] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (8.0.0.634) = C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe 9656 | [Owner : Jean-Marie |Parent : 2088(svchost.exe)] - (.CompuClever Systems Inc - PC TuneUp Maestro.) - (7.1.3.342) = C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\pctum.exe 11800 | [Owner : Jean-Marie |Parent : 10224()] - (. - .) - (1.0.0.0) = C:\Program Files (x86)\Eyes Relaxing And Focusing 3.0\Eyes.exe 8116 | [Owner : Système |Parent : 772(services.exe)] - (.Seed4.Me - Seed4.Me VPN Client.) - (1.0.9.0) = C:\Program Files\Seed4.Me VPN\bin\Seed4.Me_service.exe 9932 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corporation - Microsoft Edge Content Process.) 
- (11.0.15063.0) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 3300 | [Owner : Jean-Marie |Parent : 2252()] - (.CyberLink Corp. - AppManager.) - (1.0.4110.0) = C:\Program Files (x86)\CyberLink\AppManager\AppManager.exe 8936 | [Owner : Jean-Marie |Parent : 136()] - (. - .) - (12.0.649.11190) = C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe 5340 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (. - .) - (11.14.662.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeHost.exe 12576 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.15063.0) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 7388 | [Owner : Jean-Marie |Parent : 2088(svchost.exe)] - (.IObit - Advanced SystemCare 10.) - (10.3.0.739) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe 11408 | [Owner : Jean-Marie |Parent : 7388(ASC.exe)] - (.IObit - Advanced SystemCare 10.) - (10.0.1.3125) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe 13248 | [Owner : Système |Parent : 4184(svchost.exe)] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.15063.0) = C:\Windows\System32\CompatTelRunner.exe 10436 | [Owner : Système |Parent : 13248(CompatTelRunner.exe)] - (.Microsoft Corporation - Console Window Host.) - (10.0.15063.0) = C:\Windows\System32\conhost.exe 2072 | [Owner : Système |Parent : 772(services.exe)] - (.CyberLink - CyberLink RichVideo Module.) - (2.0.0.9525) = C:\Program Files\CyberLink\Shared files\RichVideo64.exe 9988 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corporation - Microsoft Edge.) - (11.0.15063.250) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe 10640 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corporation - Browser_Broker.) 
- (11.0.15063.0) = C:\Windows\System32\browser_broker.exe 11460 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.15063.0) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 9440 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.15063.0) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 10992 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.15063.0) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 9292 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.15063.0) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 12364 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.15063.0) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 12716 | [Owner : Système |Parent : 772(services.exe)] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MsMpEng.exe 9360 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.15063.0) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 5872 | [Owner : Jean-Marie |Parent : 10640(browser_broker.exe)] - (.RoseCitySoftware - Registry First Aid, the easy powerful registry maintenance p.) - (11.0.1.2433) = C:\Users\Jean-Marie\Downloads\RegistryFirstAid_AQFR.exe 1032 | [Owner : Jean-Marie |Parent : 5872(RegistryFirstAid_AQFR.exe)] - (. - Setup/Uninstall.) 
- (51.1052.0.0) = C:\Users\JEAN-M~1\AppData\Local\Temp\is-7P298.tmp\RegistryFirstAid_AQFR.tmp 4040 | [Owner : SERVICE LOCAL |Parent : 772(services.exe)] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.11.15063.0) = C:\Program Files\Windows Defender\NisSrv.exe 6272 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.15063.0) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 10608 | [Owner : Jean-Marie |Parent : 1032(RegistryFirstAid_AQFR.tmp)] - (.RoseCitySoftware - Registry First Aid, the easy powerful registry maintenance p.) - (11.0.1.2433) = C:\Users\Jean-Marie\Downloads\RegistryFirstAid_AQFR.exe 12844 | [Owner : Jean-Marie |Parent : 10608(RegistryFirstAid_AQFR.exe)] - (. - Setup/Uninstall.) - (51.1052.0.0) = C:\Users\JEAN-M~1\AppData\Local\Temp\is-C9CC6.tmp\RegistryFirstAid_AQFR.tmp 9892 | [Owner : Jean-Marie |Parent : 12844(RegistryFirstAid_AQFR.tmp)] - (. - .) - (0.0.0.0) = C:\Users\JEAN-M~1\AppData\Local\Temp\is-T2L0E.tmp\_isetup\_setup64.tmp 9952 | [Owner : Jean-Marie |Parent : 9892(_setup64.tmp)] - (.Microsoft Corporation - Console Window Host.) - (10.0.15063.0) = C:\Windows\System32\conhost.exe 11152 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.15063.0) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 12436 | [Owner : Jean-Marie |Parent : 10800()] - (.Avanquest Software - Smart Privacy Cleaner.) - (2.0.0.0) = C:\Program Files (x86)\Smart Privacy Cleaner\SmartPrivacyCleaner.exe 10456 | [Owner : Jean-Marie |Parent : 10640()] - (.cyan soft ltd - Online Video Recorder Setup .) - (3.4.4.1) = C:\Users\Jean-Marie\Downloads\OnlineVideoRecorder_3_4_4_AQFR.exe 11128 | [Owner : Jean-Marie |Parent : 10456(OnlineVideoRecorder_3_4_4_AQFR.exe)] - (. - Setup/Uninstall.) 
- (51.1052.0.0) = C:\Users\JEAN-M~1\AppData\Local\Temp\is-JUUPM.tmp\OnlineVideoRecorder_3_4_4_AQFR.tmp 1016 | [Owner : Jean-Marie |Parent : 11128(OnlineVideoRecorder_3_4_4_AQFR.tmp)] - (.cyan soft ltd - Online Video Recorder Setup .) - (3.4.4.1) = C:\Users\Jean-Marie\Downloads\OnlineVideoRecorder_3_4_4_AQFR.exe 12528 | [Owner : Jean-Marie |Parent : 1016(OnlineVideoRecorder_3_4_4_AQFR.exe)] - (. - Setup/Uninstall.) - (51.1052.0.0) = C:\Users\JEAN-M~1\AppData\Local\Temp\is-JK7Q1.tmp\OnlineVideoRecorder_3_4_4_AQFR.tmp 5980 | [Owner : Jean-Marie |Parent : 10640()] - (.Solvusoft - SupersonicPC .) - (1.0.0.0) = C:\Users\Jean-Marie\Downloads\Setup_SupersonicPC_2015.exe 6904 | [Owner : Jean-Marie |Parent : 5980(Setup_SupersonicPC_2015.exe)] - (. - Setup/Uninstall.) - (51.1052.0.0) = C:\Users\JEAN-M~1\AppData\Local\Temp\is-5MGSO.tmp\Setup_SupersonicPC_2015.tmp 12024 | [Owner : Jean-Marie |Parent : 6904(Setup_SupersonicPC_2015.tmp)] - (.Solvusoft - SupersonicPC .) - (1.0.0.0) = C:\Users\Jean-Marie\Downloads\Setup_SupersonicPC_2015.exe 9672 | [Owner : Jean-Marie |Parent : 12024(Setup_SupersonicPC_2015.exe)] - (. - Setup/Uninstall.) - (51.1052.0.0) = C:\Users\JEAN-M~1\AppData\Local\Temp\is-2OILH.tmp\Setup_SupersonicPC_2015.tmp 9028 | [Owner : Jean-Marie |Parent : 6988()] - (.Solvusoft - SupersonicPC.) - (1.0.648.12715) = C:\Program Files (x86)\SupersonicPC\SolvusoftWM.exe 3320 | [Owner : Jean-Marie |Parent : 9028(SolvusoftWM.exe)] - (.Solvusoft - SupersonicPC - System Cleaner.) - (1.0.648.12715) = C:\Program Files (x86)\SupersonicPC\SolvusoftWMSystemCleaner.exe 12536 | [Owner : SERVICE RÉSEAU |Parent : 772(services.exe)] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (10.0.15063.0) = C:\Windows\System32\sppsvc.exe 10452 | [Owner : Jean-Marie |Parent : 436(svchost.exe)] - (.Microsoft Corporation - Paramètres.) 
- (10.0.15063.0) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe ---------- | Tasks Suppression : ASC10_PerformanceMonitor Suppression : Driver Booster Scheduler Suppression : GlaryInitialize 5 Suppression : HardDiskShield_Popup Suppression : HardDiskShield_Start Suppression : NeoSetup Updater Suppression : PC TuneUp Maestro Scan Suppression : PC TuneUp Maestro Scan FirstTime Suppression : PC TuneUp Maestro Scan SecondTime Suppression : PC TuneUp Maestro Startup Suppression : StartIsBack health check Suppression : WinZipBackGroundToolsTask Suppression : Ashampoo Privacy Protector Weekly Security Scan Suppression : CreateExplorerShellUnelevatedTask Suppression : GU5SkipUAC Suppression : PC TuneUp Maestro Startups Suppression : SupersonicPC ---------- | Services Suppression : AdvancedSystemCareService10 : C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe Suppression : CompuCleverBootor : \??\C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\Bootor64.sys Suppression : GUBootStartup : \??\C:\WINDOWS\System32\drivers\GUBootStartup.sys Suppression : netsvc : C:\Program Files (x86)\UTILILAB\SearchGUARDIAN\netsvc.exe Suppression : sgdsvc : C:\Program Files (x86)\UTILILAB\SearchGUARDIAN\sgdsvc.exe Suppression : utupdsvc : C:\Program Files (x86)\UTILILAB\SearchGUARDIAN\updsvc.exe ---------- | AppCertDlls | AppInit_DLLs ---------- | DNSapi.dll C:\WINDOWS\System32\dnsapi.dll : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll : \drivers\etc\hosts ---------- | Hosts Suppression : 127.0.0.2 doubleclick.net Suppression : 127.0.0.2 g.doubleclick.net Suppression : 127.0.0.2 securepubads.g.doubleclick.net Suppression : 127.0.0.2 pagead46.l.doubleclick.net Suppression : 127.0.0.2 partnerad.l.doubleclick.net Suppression : 127.0.0.2 ad.doubleclick.net Suppression : 127.0.0.2 pubads.g.doubleclick.net Suppression : 127.0.0.2 adclick.g.doubleclick.net Suppression : 127.0.0.2 stats.g.doubleclick.net Suppression : 127.0.0.2 fls.doubleclick.net Suppression : 127.0.0.2 
ad-emea.doubleclick.net Suppression : 127.0.0.2 ad-apac.doubleclick.net Suppression : 127.0.0.2 ads.pubmatic.com Suppression : 127.0.0.2 showads.pubmatic.com Suppression : 127.0.0.2 track.pubmatic.com Suppression : 127.0.0.2 aktrack.pubmatic.com Suppression : 127.0.0.2 cdn.taboolasyndication.com Suppression : 127.0.0.2 services.taboolasyndication.com Suppression : 127.0.0.2 netstorage.taboola.com Suppression : 127.0.0.2 c2.taboola.com Suppression : 127.0.0.2 go.taboola.com Suppression : 127.0.0.2 cdn.taboola.com ---------- | SafeBoot Suppression : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice Suppression : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice ---------- | Winsock ---------- | DNS ---------- | Registre Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\avanquest.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\doubleclick.net Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\glarysoft.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\googleads.g.doubleclick.net Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local 
Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.olark.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\vdownloader.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.avanquest.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.glarysoft.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\avanquest.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\doubleclick.net Suppression : 
HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\glarysoft.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\googleads.g.doubleclick.net Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.olark.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\vdownloader.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.avanquest.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.glarysoft.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Classes\Local 
Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com Suppression : HKLM64\SOFTWARE\Classes\ASCExtMenu.CExtMenu : CExtMenu Class Suppression : HKLM64\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1 : CExtMenu Class Suppression : HKLM64\SOFTWARE\Classes\GU.Encrypted : Glary Utilities Encrypted File C:\Program Files (x86)\Glary Utilities 5\fileencrypt.exe -d %1 Suppression : HKLM64\SOFTWARE\Classes\TMAgentCOM.TMAgent : TweakBit TMAgent Suppression : HKLM\SOFTWARE\Wow6432Node\Classes\GU.Splitted : Glary Utilities Splitted File C:\Program Files (x86)\Glary Utilities 5\filesplitter.exe -j %1 Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\doubleclick.net Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\iobit.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\glarysoft.com Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.glarysoft.com Suppression : HKLM64\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D} : C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll Suppression : HKLM64\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-D46FF1C67100} : C:\PROGRA~2\TweakBit\ANTI-M~1\TASKMA~1.DLL Suppression : HKLM64\SOFTWARE\Classes\TypeLib\{35AE4004-4194-4243-92AA-351BB7239539} : C:\Program Files (x86)\Glary Utilities 5\GridMap.ocx Suppression : HKLM64\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B} : # C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll Suppression : HKLM64\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-00DB85710300} : C:\Program Files (x86)\TweakBit\Anti-Malware\TaskManagerHelper.Agent.x64.dll Suppression : 
HKLM64\SOFTWARE\Classes\Interface\{28C97FA4-8378-42BF-A6F9-D615EB1272D7} : {35AE4004-4194-4243-92AA-351BB7239539} Suppression : HKLM64\Software\Classes\WOW6432Node\Interface\{28C97FA4-8378-42BF-A6F9-D615EB1272D7} : {35AE4004-4194-4243-92AA-351BB7239539} Suppression : HKLM64\SOFTWARE\Classes\Interface\{31FB3410-EA8B-4931-91C5-ADA7B91D953B} : {35AE4004-4194-4243-92AA-351BB7239539} Suppression : HKLM64\Software\Classes\WOW6432Node\Interface\{31FB3410-EA8B-4931-91C5-ADA7B91D953B} : {35AE4004-4194-4243-92AA-351BB7239539} Suppression : HKLM64\SOFTWARE\Classes\Interface\{6855F0CE-00B1-483F-8633-33B650EE4300} : {F2C6F7D1-ED32-49E5-9919-00DB85710300} Suppression : HKLM64\Software\Classes\WOW6432Node\Interface\{6855F0CE-00B1-483F-8633-33B650EE4300} : {F2C6F7D1-ED32-49E5-9919-00DB85710300} Suppression : HKLM64\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} : {60AD0991-ECD4-49DC-B170-8B7E7C60F51B} Suppression : HKLM64\Software\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} : {60AD0991-ECD4-49DC-B170-8B7E7C60F51B} Suppression : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]~[WiseDiskCleaner.exe] Suppression : HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Hard Disk Shield Suppression : HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MediaEspresso7 Suppression : HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RegSeeker.exe Suppression : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WinZip Malware Protector Suppression : HKLM64\SOFTWARE\Microsoft\Tracing\wyUpdate_RASAPI32 Suppression : HKLM64\SOFTWARE\Microsoft\Tracing\wyUpdate_RASMANCS Suppression : HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HardDiskShield_RASAPI32 Suppression : HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HardDiskShield_RASMANCS Suppression : [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility 
Assistant\Persisted]~[C:\Program Files\ByteFence\ByteFence.exe] Suppression : [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe] Suppression : [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\Glary Utilities 5\upgrade.exe] Suppression : [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.12.945.9202\AdAwareWebInstaller.exe] Suppression : [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[I:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\codysafe sigma\WiseRegistryCleaner.exe] Suppression : [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[L:\anti-faux-positof pre_scan - exe installers\advanced-systemcare-free_10-3-0-739_fr_403234.exe] Suppression : [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[J:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\multi-install lfs ultra & 100%sf pt A to D sigma + barrow 2 à 4 & sj conrad\Setup hard disk shield.exe] Suppression : [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[J:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\multi-install lfs ultra & 100%sf pt 
A to D sigma + barrow 2 à 4 & sj conrad\SpybotAntiBeacon-1.6-setup (1).exe] Suppression : [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[J:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\multi-install lfs ultra & 100%sf pt A to D sigma + barrow 2 à 4 & sj conrad\Usb key vaccine by viruskeeper setup.exe] Suppression : [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\filextmgr.exe] Suppression : [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\SecurityXploded\SX Blocker Suite\UniversalAdBlocker.exe] Suppression : [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\SecurityXploded\SX System Suite\HiddenFileFinder.exe] Suppression : [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\SecurityXploded\SX WiFi Security Suite\WiFiSecurityGuard.exe] Suppression : [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe] Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Chromium Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\CompuClever Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Glarysoft Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\HardDiskShieldLanguage Suppression : 
HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\PRO PC Cleaner Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Smart Privacy Cleaner Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Solvusoft Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\undefined Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\AppDataLow\Software\adawarebp Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Clients\StartMenuInternet\Chromium.GDN6ZTIOQTOJMYEEE4OGX2YXRU Suppression : HKLM64\SOFTWARE\VDownloader Suppression : HKLM64\Software\Classes\Directory\shell\Scan with Trojan Remover Suppression : HKLM\SOFTWARE\Wow6432Node\adaware Suppression : HKLM\SOFTWARE\Wow6432Node\Glarysoft Suppression : HKLM\SOFTWARE\Wow6432Node\IObit Suppression : HKLM\SOFTWARE\Wow6432Node\Simply Super Software Suppression : HKLM\SOFTWARE\Wow6432Node\TweakBit Suppression : HKLM\SOFTWARE\Wow6432Node\WinPcap Suppression : HKU\S-1-5-18\SOFTWARE\Nico Mak Computing Suppression : HKU\S-1-5-18\SOFTWARE\UTILILAB Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\LabPixels Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Nico Mak Computing Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\UTILILAB Suppression : HKLM64\SOFTWARE\CodeGear Suppression : HKLM64\SOFTWARE\Nico Mak Computing Suppression : HKLM64\SOFTWARE\WOW6432Node\Lavasoft Suppression : HKLM\SOFTWARE\Wow6432Node\CodeGear Suppression : HKLM\SOFTWARE\Wow6432Node\LabPixels Suppression : HKLM\SOFTWARE\Wow6432Node\Nico Mak Computing Suppression : HKLM\SOFTWARE\Wow6432Node\SGSolution Suppression : [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Suppression : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] Suppression : 
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] Suppression : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} : 1 Suppression : HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Suppression : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Suppression : HKLM64\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F48169210900B340BBABF65F66131DA : C:\Program Files (x86)\UTILILAB\SearchGUARDIAN\nss\softokn3.dll Suppression : HKLM64\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31DB92050B5997B47A4E039691A9ED86 : C:\Program Files (x86)\UTILILAB\SearchGUARDIAN\sciter32.dll