Virus? iSafeSrvMon.dll

Suca · 07.05.2015, 18:36

Hilfe, ich bekomme die Meldung meines Antivirenprogramms, dass mein PC infiziert ist mit iSafeSrvMon.dll

Kann mir bitte jemand schnell helfen?

Waere euch sehr dankbar, ich bin schon panisch und der PC reagiert nur noch sehr langsam auf Befehle.

schrauber · 07.05.2015, 18:45

hi.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Suca · 07.05.2015, 18:56

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by Susa (administrator) on ALEX on 07-05-2015 19:27:50
Running from C:\Users\Susa\Downloads
Loaded Profiles: Susa (Available profiles: Susa)
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\DataCardService\HWDeviceService.exe
() C:\ProgramData\Internet Everywhere\OnlineUpdate\ouc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Vimicro Corporation) C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Dropbox, Inc.) C:\Users\Susa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [VMonitorVMUVC] => C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [143360 2010-09-10] (Vimicro Corporation)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.)
HKU\S-1-5-21-424946734-516724147-3099802856-1000\...\Run: [IDMGrHlp] => wscript "C:\Users\Susa\AppData\Roaming\Adobe\Flash Player\SpeedCache\IDMGrHlp.vbs" "C:\Users\Susa\AppData\Roaming\Adobe\Flash Player\SpeedCache\IDMGrHlp.bat"
HKU\S-1-5-21-424946734-516724147-3099802856-1000\...\MountPoints2: {2f3855cd-ffe1-11e0-a58a-0015c524dc6f} - G:\AutoRun.exe
HKU\S-1-5-21-424946734-516724147-3099802856-1000\...\MountPoints2: {2f3855da-ffe1-11e0-a58a-0015c524dc6f} - E:\AutoRun.exe
HKU\S-1-5-21-424946734-516724147-3099802856-1000\...\MountPoints2: {7d01e86d-1092-11e1-990b-0015c524dc6f} - E:\AutoRun.exe
HKU\S-1-5-21-424946734-516724147-3099802856-1000\...\MountPoints2: {8b7e6f90-01e9-11e1-a9ca-0015c524dc6f} - E:\AutoRun.exe
HKU\S-1-5-21-424946734-516724147-3099802856-1000\...\MountPoints2: {b5bea66f-0000-11e1-837f-0016418ae66f} - E:\AutoRun.exe
HKU\S-1-5-21-424946734-516724147-3099802856-1000\...\MountPoints2: {ecaeb892-0f27-11e1-beab-0015c524dc6f} - E:\AutoRun.exe
HKU\S-1-5-21-424946734-516724147-3099802856-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk [2014-08-08]
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Susa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Susa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
BootExecute: autocheck autochk * PCloudBroom.exe \systemroot\system32\BroomData.bit
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\S-1-5-21-424946734-516724147-3099802856-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN UK | Hotmail, Outlook, Skype, Bing, Latest News, Photos and Videos
HKU\S-1-5-21-424946734-516724147-3099802856-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Search
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13486&tm=-15857&src=ds&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-424946734-516724147-3099802856-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13486&tm=-15857&src=ds&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-25] (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-25] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-424946734-516724147-3099802856-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll No File
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
Tcpip\..\Interfaces\{04249BF3-5A3C-470E-B268-B245EEC7619D}: [NameServer] 10.9.11.21 10.9.11.22
Tcpip\..\Interfaces\{6FA091DD-49A7-4823-B497-2530D0C725C8}: [NameServer] 10.9.11.21 10.9.11.22
Tcpip\..\Interfaces\{9E627CDD-5B74-4F06-9730-F4E8177C80CD}: [NameServer] 197.199.255.254 217.52.47.130
Tcpip\..\Interfaces\{A03844A5-6509-4E10-9EBE-F4FF20585BD6}: [NameServer] 10.9.11.21 10.9.11.22
Tcpip\..\Interfaces\{FBE4EBB7-63DF-4542-A57B-083B252058F2}: [NameServer] 83.224.70.77 83.224.70.54

FireFox:
========
FF ProfilePath: C:\Users\Susa\AppData\Roaming\Mozilla\Firefox\Profiles\9ywxjygu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Susa\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-08-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-02-28] (Macrovision Europe Ltd.) [File not signed]
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 Internet Everywhere. RunOuc; C:\Program Files\Internet Everywhere\UpdateDog\ouc.exe [657504 2012-12-11] ()
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2015-05-04] (Elex do Brasil Participações Ltda)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 KSafeSvc; "C:\Users\Susa\AppData\Local\Temp\RarSFX2\KSafeSvc.exe" -svc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BCOREUSB; C:\Windows\System32\Drivers\BCOREUSB.sys [86867 2005-10-03] (CSR)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [96000 2012-08-20] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-08-20] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [205312 2012-12-03] (Huawei Technologies Co., Ltd.)
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [226024 2015-05-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [96424 2015-05-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [43536 2015-05-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [71744 2015-05-04] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-04-17] (Elex do Brasil Participações Ltda)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKsl6a9136b0; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{457C8156-E5CB-4815-B962-3991EAFD297A}\MpKsl6a9136b0.sys [39464 2015-05-07] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [86800 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202128 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109584 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [126480 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [41744 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99856 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61712 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120592 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281232 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [205456 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108432 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [239888 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94864 2015-02-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [140048 2015-02-25] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100624 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
S3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [47104 2005-11-22] (TOSHIBA Corporation) [File not signed]
S3 Tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [108928 2006-01-20] (TOSHIBA CORPORATION) [File not signed]
S3 Tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36480 2005-09-15] (TOSHIBA Corporation) [File not signed]
S1 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
S3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [62848 2006-01-11] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed]
S3 TosRfSnd; C:\Windows\System32\drivers\TosRfSnd.sys [50048 2005-04-06] (TOSHIBA Corporation) [File not signed]
S3 Tosrfusb; C:\Windows\System32\Drivers\tosrfusb.sys [39936 2006-02-09] (TOSHIBA CORPORATION) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [254720 2010-11-12] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-07 19:27 - 2015-05-07 19:29 - 00020851 _____ () C:\Users\Susa\Downloads\FRST.txt
2015-05-07 19:27 - 2015-05-07 19:28 - 00000000 ____D () C:\FRST
2015-05-07 19:26 - 2015-05-07 19:26 - 01141248 _____ (Farbar) C:\Users\Susa\Downloads\FRST.exe
2015-05-07 18:56 - 2015-05-07 18:58 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Susa\Downloads\mbam-setup-2.1.6.1022(1).exe
2015-05-07 18:55 - 2015-04-17 04:43 - 00044712 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-05-07 18:31 - 2015-05-07 18:45 - 00000000 ____D () C:\AdwCleaner
2015-05-07 18:30 - 2015-05-07 18:31 - 02204160 _____ () C:\Users\Susa\Downloads\AdwCleaner_4.203.exe
2015-05-07 17:51 - 2015-05-07 17:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Susa\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-07 17:31 - 2015-05-07 18:33 - 00000000 ____D () C:\ComboFix
2015-05-07 17:22 - 2015-05-07 17:22 - 00000000 ____D () C:\Qoobox
2015-05-07 17:19 - 2015-05-07 17:19 - 00000000 ____D () C:\Windows\erdnt
2015-05-07 17:07 - 2015-05-07 17:08 - 05621999 _____ (Swearware) C:\Users\Susa\Desktop\ComboFix.exe
2015-05-07 17:02 - 2015-05-07 17:07 - 05621999 ____R (Swearware) C:\Users\Susa\Downloads\ComboFix.exe
2015-05-07 16:45 - 2015-05-07 18:14 - 00000000 ____D () C:\Users\Susa\Downloads\RevoUninstallerPortable
2015-05-07 16:43 - 2015-05-07 16:43 - 02785665 _____ (PortableApps.com) C:\Users\Susa\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-05-07 16:03 - 2015-01-29 19:21 - 00050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-05-07 15:56 - 2015-05-07 15:56 - 00000000 ____D () C:\Users\Susa\AppData\Local\VirtualStore
2015-05-06 12:16 - 2015-05-06 12:16 - 00000000 ____D () C:\Users\Susa\AppData\Roaming\Adobe
2015-05-06 12:16 - 2015-05-06 12:16 - 00000000 ____D () C:\Users\Susa\AppData\Local\Adobe
2015-05-06 12:16 - 2015-05-06 12:16 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-06 10:43 - 2015-05-06 10:43 - 00000000 ____D () C:\Users\Susa\AppData\Local\Google
2015-05-06 10:38 - 2015-05-06 11:01 - 00000000 ____D () C:\Users\Susa\AppData\Roaming\Adobe-BackupByIllustratorCS6Portable
2015-05-06 10:38 - 2015-05-06 10:38 - 00000000 ____D () C:\Users\Susa\AppData\Local\Adobe-BackupByIllustratorCS6Portable
2015-05-06 08:10 - 2015-05-06 08:10 - 00000000 ____D () C:\Users\Susa\AppData\Local\Macromedia
2015-05-06 08:02 - 2015-05-06 08:02 - 00000000 ____D () C:\Users\Susa\AppData\Roaming\Mozilla
2015-05-06 08:01 - 2015-05-06 08:01 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-06 08:01 - 2015-05-06 08:01 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-06 08:01 - 2015-05-06 08:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-06 07:34 - 2015-05-06 07:34 - 00007870 _____ () C:\Windows\system32\BroomData.bit
2015-05-05 23:37 - 2015-05-05 23:37 - 00001200 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2015-05-05 23:32 - 2015-05-05 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-05-05 23:32 - 2015-05-05 23:33 - 31660040 _____ (Panda Security ) C:\Users\Susa\Downloads\PandaCloudCleaner.exe
2015-05-05 23:25 - 2015-05-05 23:25 - 00000000 ____D () C:\Users\Susa\AppData\Roaming\Macromedia
2015-05-05 23:10 - 2015-05-05 23:24 - 00000000 ____D () C:\Users\Susa\AppData\Roaming\Adobe-BackupByPhotoshopCS6Portable
2015-05-05 23:10 - 2015-05-05 23:10 - 00000000 ____D () C:\Users\Susa\AppData\Roaming\Panda Security
2015-05-05 22:59 - 2015-05-06 08:29 - 00000000 ____D () C:\Users\Susa\AppData\Local\Adobe-BackupByPhotoshopCS6Portable
2015-05-05 22:36 - 2015-05-05 22:36 - 00243304 _____ () C:\Users\Susa\Downloads\Firefox Setup Stub 37.0.2.exe
2015-05-05 21:03 - 2015-04-03 09:02 - 00039300 _____ () C:\bookmarks-2015-05-05_278_Ph93OzBBkgdyGJYxBDmYMQ==.jsonlz4
2015-05-05 10:55 - 2015-05-07 18:47 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-05 10:55 - 2015-05-05 10:55 - 00000000 ____D () C:\Program Files\Elex-tech
2015-05-01 21:04 - 2015-05-07 18:47 - 00001120 _____ () C:\Windows\setupact.log
2015-05-01 21:04 - 2015-05-01 21:04 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-29 10:43 - 2015-04-29 10:43 - 00000000 ____D () C:\Users\Susa\Desktop\Moonshiner
2015-04-29 10:40 - 2015-04-29 10:41 - 00087033 _____ () C:\Users\Susa\Desktop\Moonshiner.zip
2015-04-28 21:02 - 2015-04-28 21:02 - 00000000 ____D () C:\Users\Susa\Downloads\PSDKEYS.COM_Suit_And_Tie_Party_Flyer
2015-04-28 20:20 - 2015-04-28 20:43 - 65888656 _____ () C:\Users\Susa\Downloads\PSDKEYS.COM_Suit_And_Tie_Party_Flyer.rar
2015-04-21 22:11 - 2015-05-06 08:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-21 08:40 - 2015-04-21 08:40 - 00000000 ____D () C:\Users\Susa\Downloads\31718-6-Name-Based-Badges-Logo-Templates-CM
2015-04-21 08:33 - 2015-04-21 08:35 - 09178357 _____ () C:\Users\Susa\Downloads\31718-6-Name-Based-Badges-Logo-Templates-CM.rar
2015-04-17 20:55 - 2015-04-17 20:56 - 00000000 ____D () C:\Users\Susa\Downloads\5968732-6-vintage-labels
2015-04-17 19:58 - 2015-04-17 19:58 - 00393896 _____ () C:\Users\Susa\Downloads\5968732-6-vintage-labels.rar
2015-04-17 17:06 - 2015-04-17 17:06 - 00000000 ____D () C:\Users\Susa\Downloads\GR_Pure_Art_Hand_Drawing_17_-_Chinese_Vintage_Art_v2
2015-04-17 16:15 - 2015-04-17 16:43 - 85204834 _____ () C:\Users\Susa\Downloads\GR_Pure_Art_Hand_Drawing_17_-_Chinese_Vintage_Art_v2.rar
2015-04-17 15:59 - 2015-04-17 16:04 - 00000000 ____D () C:\Users\Susa\Downloads\s.k.e.t.c.h-photoshop-action-abipic.com
2015-04-17 15:58 - 2015-04-17 15:58 - 00001896 _____ () C:\Users\Susa\Downloads\s.k.e.t.c.h-photoshop-action-abipic.com.rar
2015-04-16 18:21 - 2015-04-16 18:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 18:21 - 2015-04-16 18:21 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 12:59 - 2015-04-17 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-04-16 08:24 - 2015-04-16 08:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-16 08:24 - 2015-04-16 08:24 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-16 08:24 - 2015-04-16 08:24 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-15 14:28 - 2015-04-15 14:28 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-04-15 08:06 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 08:06 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 08:06 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 08:06 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 08:06 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 08:06 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 08:06 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 08:06 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 08:06 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 08:06 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 08:06 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 08:06 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 08:06 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 08:06 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 08:06 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 08:06 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 08:06 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 08:06 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 08:06 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 08:06 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 08:06 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 08:06 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 08:06 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 08:06 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 08:06 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 08:06 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 08:06 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 08:06 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 08:06 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 08:06 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 08:06 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 08:06 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 08:06 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 08:06 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 08:06 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 08:06 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 08:06 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 08:06 - 2015-01-28 01:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 08:05 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 08:05 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 08:05 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 08:05 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 08:05 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 08:05 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 08:05 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 08:05 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 08:05 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 08:05 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 08:05 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 08:05 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 08:05 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 08:05 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 08:05 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 08:05 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 08:05 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 08:05 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 08:05 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 08:05 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 08:05 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 08:05 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 08:05 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 08:05 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 08:05 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 08:04 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 08:04 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 08:04 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 08:04 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 08:04 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 08:04 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 08:04 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 08:04 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 08:04 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 08:04 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 08:04 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 08:04 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 08:04 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 08:04 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 08:04 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 08:04 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 08:04 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 08:04 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 08:04 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 07:54 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 07:54 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-09 13:19 - 2015-04-09 13:19 - 00000000 ____D () C:\Users\Susa\Desktop\Microsoft_Office_2010_Portable
2015-04-09 12:55 - 2015-04-09 12:59 - 02594562 _____ () C:\Users\Susa\Desktop\Microsoft_Office_2010_Portable.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-07 19:28 - 2012-04-07 17:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-07 19:10 - 2011-10-26 23:24 - 01936530 _____ () C:\Windows\WindowsUpdate.log
2015-05-07 19:06 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-07 19:06 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-07 18:47 - 2013-05-06 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-07 18:46 - 2014-06-17 16:02 - 01041364 _____ () C:\Windows\PFRO.log
2015-05-07 18:45 - 2011-10-26 14:51 - 00001100 _____ () C:\Users\Susa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-07 15:51 - 2015-02-26 14:09 - 00000000 ___RD () C:\Users\Susa\Dropbox
2015-05-07 15:51 - 2015-02-26 14:04 - 00000000 ____D () C:\Users\Susa\AppData\Roaming\Dropbox
2015-05-07 15:51 - 2011-11-07 13:53 - 00000000 ____D () C:\Windows\AutoKMS
2015-05-06 07:38 - 2015-01-31 15:12 - 00432152 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-05-05 23:32 - 2012-02-19 06:50 - 00000000 ____D () C:\Program Files\Panda Security
2015-05-05 21:29 - 2014-03-13 09:45 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-05 21:05 - 2014-09-11 09:29 - 00000000 ____D () C:\Program Files\ALDI mobile SURF2GO
2015-05-05 20:53 - 2011-11-15 20:52 - 00000000 ____D () C:\Program Files\Google
2015-05-05 20:42 - 2015-04-01 18:51 - 00000000 ____D () C:\Program Files\Notepad++
2015-05-05 19:38 - 2012-07-26 07:32 - 00000000 ____D () C:\ProgramData\Adobe-BackupByIllustratorCS6Portable
2015-05-05 19:13 - 2011-10-26 14:54 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 11:59 - 2012-07-26 07:32 - 00000000 ___HD () C:\ProgramData\Adobe-BackupByPhotoshopCS6Portable
2015-05-01 14:27 - 2014-06-17 16:03 - 03894656 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-30 19:54 - 2014-06-12 13:35 - 00432152 _____ () C:\Users\Susa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-24 07:41 - 2015-02-26 14:09 - 00000976 _____ () C:\Users\Susa\Desktop\Dropbox.lnk
2015-04-24 07:41 - 2015-02-26 14:06 - 00000000 ____D () C:\Users\Susa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-17 15:24 - 2015-01-20 15:58 - 00000000 ____D () C:\Users\Susa\Desktop\strom
2015-04-16 19:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-16 18:28 - 2014-01-31 01:38 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-04-16 18:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 09:56 - 2011-10-26 16:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 09:52 - 2013-08-15 05:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 09:19 - 2011-10-26 19:23 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-16 08:25 - 2011-10-26 20:01 - 00000000 ____D () C:\ProgramData\Skype
2015-04-16 08:24 - 2011-10-26 20:01 - 00000000 ___RD () C:\Program Files\Skype
2015-04-16 08:12 - 2009-07-14 04:04 - 00000487 _____ () C:\Windows\win.ini
2015-04-15 20:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-15 14:29 - 2012-04-07 17:03 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 14:29 - 2011-10-26 19:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-06-21 09:08 - 2014-06-21 09:08 - 0000017 _____ () C:\Users\Susa\AppData\Local\resmon.resmoncfg
2014-06-17 18:57 - 2014-06-17 18:57 - 0000000 _____ () C:\ProgramData\0x0304A000.sfl
2008-05-23 17:48 - 2008-05-23 17:48 - 0020270 _____ () C:\ProgramData\DeviceInstaller.xml
2008-06-23 13:02 - 2008-06-23 13:02 - 0097410 ____R () C:\ProgramData\DeviceManager.xml.rc4
2011-10-31 06:17 - 2011-10-31 06:17 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt

Some content of TEMP:
====================
C:\Users\Susa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnvmzvr.dll
C:\Users\Susa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqod80u.dll
C:\Users\Susa\AppData\Local\Temp\Quarantine.exe
C:\Users\Susa\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-08-09 19:46

==================== End Of Log ============================

--- --- ---

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-05-2015 01
Ran by Susa at 2015-05-07 19:31:15
Running from C:\Users\Susa\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-424946734-516724147-3099802856-500 - Administrator - Disabled)
Guest (S-1-5-21-424946734-516724147-3099802856-501 - Limited - Disabled)
Susa (S-1-5-21-424946734-516724147-3099802856-1000 - Administrator - Enabled) => C:\Users\Susa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-424946734-516724147-3099802856-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
iCloud (HKLM\...\{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}) (Version: 1.1.0.40 - Apple Inc.)
Internet Everywhere (HKLM\...\Internet Everywhere) (Version: 23.009.09.01.458 - Huawei Technologies Co.,Ltd)
iTunes (HKLM\...\{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}) (Version: 10.6.3.25 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mahjong Classics (HKLM\...\87AD0EE8-5BDE-4B2A-81EF-C361CE8F9C97) (Version: 1 - Free Mahjong Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-424946734-516724147-3099802856-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 15.1.0 - Panda Security)
Panda Free Antivirus (Version: 7.82.00.0000 - Panda Security) Hidden
PC Connectivity Solution (HKLM\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RICOH R5U8xx Media Driver ver.3.62.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.62.02 - RICOH)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Vimicro UVC USB2.0 PC Camera (HKLM\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2010.03.02 - Vimicro Corporation)
Vodafone Mobile Connect Lite (HKLM\...\{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}) (Version: 9.3.3.10523 - Vodafone)
WIDCOMM Bluetooth Software 6.0.1.3100 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3100 - Dell)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Utils (HKLM\...\Windows Utils) (Version:  - )
WinRAR 4.10 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.1 - win.rar GmbH)
YAC(Yet Another Cleaner!) (HKLM\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-424946734-516724147-3099802856-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Susa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-424946734-516724147-3099802856-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Susa\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-424946734-516724147-3099802856-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Susa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-424946734-516724147-3099802856-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Susa\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-424946734-516724147-3099802856-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Susa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-424946734-516724147-3099802856-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-424946734-516724147-3099802856-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Susa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-424946734-516724147-3099802856-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Susa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-424946734-516724147-3099802856-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-424946734-516724147-3099802856-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-424946734-516724147-3099802856-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-424946734-516724147-3099802856-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-424946734-516724147-3099802856-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-424946734-516724147-3099802856-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-424946734-516724147-3099802856-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-424946734-516724147-3099802856-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

21-04-2015 00:03:54 Windows Update
25-04-2015 07:28:33 Windows Update
28-04-2015 22:09:17 Windows Update
02-05-2015 09:20:36 Windows Update
06-05-2015 00:42:15 Windows Update
06-05-2015 03:00:32 Windows Update
07-05-2015 16:53:38 Revo Uninstaller's restore point - YAC(Yet Another Cleaner!)
07-05-2015 18:19:48 Revo Uninstaller's restore point - YAC(Yet Another Cleaner!)
07-05-2015 18:25:42 Revo Uninstaller's restore point - YAC(Yet Another Cleaner!)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-10-14 16:53 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BAF1AF4-62C4-4FC3-9AFA-9ECD5E0639E1} - \Java Update Scheduler No Task File <==== ATTENTION
Task: {38E5840D-76DF-4159-BD7D-880237183FA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {3E163616-940F-4BA2-9B7D-BA735FA4F676} - \{628D7AE6-7095-47C4-B133-99134FC5141C} No Task File <==== ATTENTION
Task: {510F5A03-24C4-4EB0-B8C7-6AC7FD8C295A} - \4593 No Task File <==== ATTENTION
Task: {6346CDAD-8B2E-45A9-BF65-9F7CFBAFFB9D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {738E5131-1D9B-4E2C-8E4E-318140DDEE29} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8A07FE67-605A-4F5C-BB37-06C059608503} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {A3FFBDCA-E8CE-4B98-BB31-6E9224B84A1F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {A6A6CC47-EFE5-4BF7-806D-76D83419D4DF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {A7DA5713-B31C-44E7-A217-1D3CA1A37978} - \{B09B10AF-4587-4D59-92CF-CD9937103A0B} No Task File <==== ATTENTION
Task: {B81700FE-88FF-4114-89F6-010D501F88AF} - \{E5C0EB2B-2B61-43C7-9DA5-8331CF45C428} No Task File <==== ATTENTION
Task: {F143C0CA-808A-43FB-8D75-63C7E83A4D8F} - \0 No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-05-05 10:56 - 2015-05-04 11:15 - 00065696 ____N () C:\Program Files\Elex-tech\YAC\zlib1.dll
2015-05-05 10:56 - 2015-04-17 04:43 - 00176976 ____N () C:\Program Files\Elex-tech\YAC\tws\unrar.dll
2015-05-05 10:56 - 2015-04-17 04:43 - 00087744 ____N () C:\Program Files\Elex-tech\YAC\tws\unacev2.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-14 17:27 - 2011-03-14 17:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2014-06-17 09:32 - 2012-12-11 11:09 - 00657504 _____ () C:\ProgramData\Internet Everywhere\OnlineUpdate\ouc.exe
2014-06-17 09:32 - 2012-12-11 11:09 - 00011362 _____ () C:\ProgramData\Internet Everywhere\OnlineUpdate\mingwm10.dll
2014-06-17 09:32 - 2012-12-11 11:09 - 00043008 _____ () C:\ProgramData\Internet Everywhere\OnlineUpdate\libgcc_s_dw2-1.dll
2014-06-17 09:32 - 2012-12-11 11:09 - 02417152 _____ () C:\ProgramData\Internet Everywhere\OnlineUpdate\QtCore4.dll
2014-06-17 09:32 - 2012-12-11 11:09 - 01148416 _____ () C:\ProgramData\Internet Everywhere\OnlineUpdate\QtNetwork4.dll
2014-06-17 09:32 - 2012-12-11 11:09 - 00843264 _____ () C:\ProgramData\Internet Everywhere\OnlineUpdate\QueryStrategy.dll
2014-06-17 09:32 - 2012-12-11 11:09 - 00398336 _____ () C:\ProgramData\Internet Everywhere\OnlineUpdate\QtXml4.dll
2013-04-12 19:23 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Cloud Antivirus\SQLite3.dll
2006-11-03 17:25 - 2006-11-03 17:25 - 00389120 _____ () C:\Windows\system32\btwhidcs.DLL
2006-11-03 17:46 - 2006-11-03 17:46 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0CE7F3C9
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:C1DF762D
AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8
AlternateDataStreams: C:\ProgramData\TEMP:EC2E1DEC

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-424946734-516724147-3099802856-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Susa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.2.17.60 - 62.2.24.162

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KSafeTray => "C:\Users\Susa\AppData\Local\Temp\RarSFX2\\KSafeTray.exe" -autorun
MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: MobileDocuments => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: SunriseALDI Imola ModemListener => C:\Program Files\ALDI mobile SURF2GO\BackgroundService\ModemListener.exe start
MSCONFIG\startupreg: VMonitorVMUVC => "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{0C6CCBA4-66C6-4AD7-9223-31700ACAA338}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{665DA5DD-5C52-4F03-B12D-1A1FA375CE26}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB9D2422-BA2C-4F5D-966D-DC2F9C90AE93}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{A50CB9D1-7B3E-4255-98E6-B983E7BAA143}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{FBD5BD47-C2B1-476E-80D9-86FD71D3CD7A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{F3A8CD43-32D8-4A01-8BD6-2E74180D1D26}C:\users\susa\appdata\roaming\filehunter\pumpa.exe] => (Allow) C:\users\susa\appdata\roaming\filehunter\pumpa.exe
FirewallRules: [UDP Query User{E31ADDE7-980A-4845-8034-9D3885BE50B6}C:\users\susa\appdata\roaming\filehunter\pumpa.exe] => (Allow) C:\users\susa\appdata\roaming\filehunter\pumpa.exe
FirewallRules: [TCP Query User{BDE67388-D690-4018-9A43-DDE52E96A17B}C:\program files\1clickdownload\1clickdownloader.exe] => (Block) C:\program files\1clickdownload\1clickdownloader.exe
FirewallRules: [UDP Query User{B35B9A2A-02F3-4507-9FAC-7C33AFA090A4}C:\program files\1clickdownload\1clickdownloader.exe] => (Block) C:\program files\1clickdownload\1clickdownloader.exe
FirewallRules: [{F5E16580-A34B-4EEA-AC86-A95C742FEFC7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{278028E3-1BF6-47F8-B984-C16579EBD8E9}] => (Allow) C:\Program Files\Panda Security\Panda Security Toolbar\dtuser.exe
FirewallRules: [{E7B579EF-5BC9-405F-8C29-59D66E038752}] => (Allow) C:\Program Files\Panda Security\Panda Security Toolbar\dtuser.exe
FirewallRules: [{C274BB3B-F492-423A-9A54-FAB973F08DD7}] => (Allow) C:\Program Files\gnucash\bin\gnucash-bin.exe
FirewallRules: [{F7B7C783-D4EF-4EF2-8EE1-11F52D526E75}] => (Allow) C:\Program Files\gnucash\bin\gnucash-bin.exe
FirewallRules: [{6FB756DC-171A-49D3-9E2B-B233260CA038}] => (Allow) C:\Program Files\gnucash\bin\gconfd-2.exe
FirewallRules: [{9AC1543E-E315-45C0-9112-36DC2B4CD70B}] => (Allow) C:\Program Files\gnucash\bin\gconfd-2.exe
FirewallRules: [{D10FCD3C-6BFD-427F-9E36-3D6A27625F86}] => (Allow) C:\Users\Susa\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{83CFBEC1-1B1A-466F-AF2B-109184C9CF37}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BA8F27ED-3898-43A9-AEB1-E0227CD07252}] => (Allow) LPort=2869
FirewallRules: [{0B223B9F-DA58-4832-85E2-13A84D339AA7}] => (Allow) LPort=1900
FirewallRules: [{76787C73-86DA-4E0A-8E1C-9708DB7E9DF1}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{6346C8D9-ACD7-4981-9281-741EAD791330}C:\users\susa\downloads\amsnportable\app\amsn\bin\wish.exe] => (Allow) C:\users\susa\downloads\amsnportable\app\amsn\bin\wish.exe
FirewallRules: [UDP Query User{C756BCFD-E8D1-45CA-9C35-8301F723AA35}C:\users\susa\downloads\amsnportable\app\amsn\bin\wish.exe] => (Allow) C:\users\susa\downloads\amsnportable\app\amsn\bin\wish.exe
FirewallRules: [{1D7D5345-CC2F-427F-9CBB-361EFC7BEB04}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{557E8E7A-3DF1-4009-A33D-F1397D65F01D}C:\users\susa\appdata\local\catalinagroup\citrio\application\chrome.exe] => (Block) C:\users\susa\appdata\local\catalinagroup\citrio\application\chrome.exe
FirewallRules: [UDP Query User{0A2FEF07-DAA8-4967-9122-A8EC50841A06}C:\users\susa\appdata\local\catalinagroup\citrio\application\chrome.exe] => (Block) C:\users\susa\appdata\local\catalinagroup\citrio\application\chrome.exe
FirewallRules: [{311015D7-8961-444F-A8CF-9087EEC8CF5A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{3DE6DEB3-4103-4CC9-83A4-2262650DE7A1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{70E786B1-BA32-497B-B39D-CA3B40E53EE1}] => (Allow) C:\Users\Susa\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{28E65052-2E75-439B-B7A4-A5CEC343034F}] => (Allow) C:\Users\Susa\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{5D016E1E-456A-4542-976A-055B7BDDC321}C:\program files\airdroid\airdroid.exe] => (Allow) C:\program files\airdroid\airdroid.exe
FirewallRules: [UDP Query User{71D0A0B9-09D1-4F90-BEE2-8C808187B825}C:\program files\airdroid\airdroid.exe] => (Allow) C:\program files\airdroid\airdroid.exe
FirewallRules: [{A91057BF-6690-404E-9374-F3324FC4BE64}] => (Block) C:\program files\airdroid\airdroid.exe
FirewallRules: [{04AD4F57-BE67-4B85-BBC8-4904EF29A250}] => (Block) C:\program files\airdroid\airdroid.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Hands-free Audio
Description: Bluetooth Hands-free Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: btwaudio
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Stereo Audio
Description: Bluetooth Stereo Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: btwaudio
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Broadcom
Service: btwrchid
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/07/2015 06:48:45 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (05/07/2015 06:43:55 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (05/07/2015 06:19:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9311de17-96f6-4d08-9abe-ea08ac695069}

Error: (05/07/2015 06:04:12 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (05/07/2015 04:53:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {caab78b1-a1ed-4166-bd45-a48319759de0}

Error: (05/07/2015 04:03:33 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (05/07/2015 03:55:44 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (05/07/2015 03:49:12 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (05/07/2015 01:03:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1a64
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/07/2015 06:47:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24789433


System errors:
=============
Error: (05/07/2015 07:09:15 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5

Error: (05/07/2015 06:57:47 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5

Error: (05/07/2015 06:55:17 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

	Feature: %%886

	Error Code: 0x80070005

	Error description: Access is denied. 

	Reason: %%892

Error: (05/07/2015 06:55:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5

Error: (05/07/2015 06:55:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iSafeNetFilter service failed to start due to the following error: 
%%2

Error: (05/07/2015 06:55:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
iSafeNetFilter
Tosrfcom

Error: (05/07/2015 06:54:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (05/07/2015 06:48:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/07/2015 06:47:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Internet Everywhere. OUC service failed to start due to the following error: 
%%1053

Error: (05/07/2015 06:47:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Internet Everywhere. OUC service to connect.


Microsoft Office Sessions:
=========================
Error: (05/07/2015 06:48:45 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (05/07/2015 06:43:55 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (05/07/2015 06:19:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9311de17-96f6-4d08-9abe-ea08ac695069}

Error: (05/07/2015 06:04:12 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (05/07/2015 04:53:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {caab78b1-a1ed-4166-bd45-a48319759de0}

Error: (05/07/2015 04:03:33 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (05/07/2015 03:55:44 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (05/07/2015 03:49:12 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (05/07/2015 01:03:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa11a6401d088b5661c9f31C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllbc2ab26d-f4a8-11e4-b1e6-0016418ae66f

Error: (05/07/2015 06:47:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24789433


==================== Memory info =========================== 

Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz
Percentage of memory in use: 64%
Total physical RAM: 2046.44 MB
Available physical RAM: 732.86 MB
Total Pagefile: 4092.88 MB
Available Pagefile: 2088.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:91.71 GB) (Free:24.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (GOLDWELL) (Removable) (Total:3.73 GB) (Free:0.25 GB) FAT32
Drive g: (Elements) (Fixed) (Total:465.76 GB) (Free:220.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 91.8 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=91.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0C)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 000263B7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

schrauber · 08.05.2015, 16:41

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

YAC
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Suca · 10.05.2015, 15:35

Hallo Schrauber,
erst mal Danke, dass du dich meinem Problem so schnell angenommen hast. Ich habe beide Programme nach deiner Anweisung installiert, allerdings ist das YAC Ding nach wie vor installiert bzw. installiert sich mit jedem restart erneut. Was kann ich tun?

schrauber · 11.05.2015, 09:46

Lass bitte Combofix laufen und poste mir das Logfile

Suca · 11.05.2015, 16:25

Sorry fuer meine Bloedheit in diesen Dingen

Wo finde ich das logfile von Combofix?

Combofix Logfile:

Code:

ATTFilter

ComboFix 15-05-09.01 - Susa 11/05/2015  16:06:17.1.2 - x86
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.49.1033.18.2046.549 [GMT 2:00]
ausgeführt von:: c:\users\Susa\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Panda Free Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Panda Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Panda Free Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\XSxS
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-11 bis 2015-05-11  ))))))))))))))))))))))))))))))
.
.
2015-05-11 15:07 . 2015-05-11 15:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-11 13:34 . 2014-03-11 14:51	36896	----a-w-	c:\windows\system32\drivers\PsBoot.sys
2015-05-11 13:33 . 2015-05-11 13:33	39464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7CCF7F2-896B-4064-9DEF-B1156AB07AD2}\MpKsl7a5f7055.sys
2015-05-11 13:27 . 2015-05-11 13:27	62576	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7CCF7F2-896B-4064-9DEF-B1156AB07AD2}\offreg.dll
2015-05-10 14:47 . 2015-04-04 06:39	9201616	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7CCF7F2-896B-4064-9DEF-B1156AB07AD2}\mpengine.dll
2015-05-10 13:44 . 2015-05-10 13:44	--------	d-----w-	c:\program files\VS Revo Group
2015-05-09 10:38 . 2015-04-04 06:39	9201616	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-08 08:02 . 2015-05-08 08:02	--------	d-----w-	c:\users\Susa\AppData\Local\Adobe
2015-05-07 17:27 . 2015-05-07 17:56	--------	d-----w-	C:\FRST
2015-05-07 16:55 . 2015-04-17 02:43	44712	----a-w-	c:\windows\system32\drivers\iSafeNetFilter.sys
2015-05-07 16:31 . 2015-05-07 16:45	--------	d-----w-	C:\AdwCleaner
2015-05-07 14:03 . 2015-01-29 17:21	50320	----a-w-	c:\windows\system32\drivers\PSKMAD.sys
2015-05-07 13:56 . 2015-05-07 13:56	--------	d-----w-	c:\users\Susa\AppData\Local\VirtualStore
2015-05-06 08:43 . 2015-05-06 08:43	--------	d-----w-	c:\users\Susa\AppData\Local\Google
2015-05-06 08:38 . 2015-05-06 08:38	--------	d-----w-	c:\users\Susa\AppData\Local\Adobe-BackupByIllustratorCS6Portable
2015-05-06 08:38 . 2015-05-06 09:01	--------	d-----w-	c:\users\Susa\AppData\Roaming\Adobe-BackupByIllustratorCS6Portable
2015-05-06 06:10 . 2015-05-06 06:10	--------	d-----w-	c:\users\Susa\AppData\Local\Macromedia
2015-05-06 06:01 . 2015-05-06 06:01	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2015-05-05 21:10 . 2015-05-05 21:24	--------	d-----w-	c:\users\Susa\AppData\Roaming\Adobe-BackupByPhotoshopCS6Portable
2015-05-05 21:10 . 2015-05-05 21:10	--------	d-----w-	c:\users\Susa\AppData\Roaming\Panda Security
2015-05-05 20:59 . 2015-05-06 06:29	--------	d-----w-	c:\users\Susa\AppData\Local\Adobe-BackupByPhotoshopCS6Portable
2015-05-05 08:55 . 2015-05-10 14:19	--------	d-----w-	c:\programdata\boost_interprocess
2015-05-05 08:55 . 2015-05-05 08:55	--------	d-----w-	c:\program files\Elex-tech
2015-04-16 16:21 . 2015-04-16 16:21	--------	d-s---w-	c:\windows\system32\CompatTel
2015-04-16 16:21 . 2015-04-16 16:21	--------	d-----w-	c:\windows\system32\appraiser
2015-04-16 06:24 . 2015-04-16 06:24	--------	d-----w-	c:\program files\Common Files\Skype
2015-04-15 12:28 . 2015-04-15 12:28	18178736	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2015-04-15 06:05 . 2015-03-05 04:06	305152	----a-w-	c:\windows\system32\gdi32.dll
2015-04-15 05:54 . 2015-03-10 03:08	1237504	----a-w-	c:\windows\system32\msxml3.dll
2015-04-15 05:54 . 2015-03-10 03:05	2048	----a-w-	c:\windows\system32\msxml3r.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-15 12:29 . 2012-04-07 15:03	778416	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-04-15 12:29 . 2011-10-26 17:46	142512	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-25 21:32 . 2015-03-31 19:37	908832	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1140ECC2-F7A1-4978-9F48-9EAE13EB8593}\gapaengine.dll
2015-03-25 21:32 . 2012-02-10 07:33	908832	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-03 13:16 . 2011-10-26 16:02	246920	------w-	c:\windows\system32\MpSigStub.exe
2015-02-26 03:11 . 2015-03-14 02:20	2381312	----a-w-	c:\windows\system32\win32k.sys
2015-02-25 19:03 . 2015-02-25 19:03	124688	----a-w-	c:\windows\system32\drivers\PSINProt.sys
2015-02-25 19:03 . 2015-02-25 19:03	100624	----a-w-	c:\windows\system32\drivers\PSINReg.sys
2015-02-25 19:03 . 2015-02-25 19:03	168208	----a-w-	c:\windows\system32\drivers\PSINKNC.sys
2015-02-25 19:03 . 2015-02-25 19:03	113936	----a-w-	c:\windows\system32\drivers\PSINProc.sys
2015-02-25 19:02 . 2015-02-25 19:02	140048	----a-w-	c:\windows\system32\drivers\PSINAflt.sys
2015-02-25 19:02 . 2015-02-25 19:02	105232	----a-w-	c:\windows\system32\drivers\PSINFile.sys
2015-02-25 17:58 . 2015-02-25 18:06	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2015-02-20 04:13 . 2015-03-11 05:27	26624	----a-w-	c:\windows\system32\lpk.dll
2015-02-20 04:13 . 2015-03-11 05:27	70656	----a-w-	c:\windows\system32\fontsub.dll
2015-02-20 04:13 . 2015-03-11 05:27	10240	----a-w-	c:\windows\system32\dciman32.dll
2015-02-20 04:13 . 2015-03-11 05:27	34304	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 03:09 . 2015-03-11 05:27	299008	----a-w-	c:\windows\system32\atmfd.dll
2015-02-17 14:26 . 2015-02-17 14:26	1217184	----a-w-	c:\windows\system32\FM20.DLL
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-11 14:05	220632	----a-w-	c:\users\Susa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-11 14:05	220632	----a-w-	c:\users\Susa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-11 14:05	220632	----a-w-	c:\users\Susa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 978520]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2010-09-10 143360]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2015-02-26 40184]
.
c:\users\Susa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Susa\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-4-14 43376600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"MaxGPOScriptWait"= 600 (0x258)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0PCloudBroom.exe \systemroot\system32\BroomData.bit
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 18:06	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2008-07-04 10:52	2072576	----a-w-	c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 10:30	59240	----a-w-	c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
2010-09-10 08:01	143360	----a-w-	c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
R2 Internet Everywhere. RunOuc;Internet Everywhere. OUC;c:\program files\Internet Everywhere\UpdateDog\ouc.exe [2012-12-11 657504]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 83168]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-30 11136]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-08-20 96000]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-08-20 27520]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-12-03 205312]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
R3 iSafeKrnlBoot;YAC Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys [x]
R3 KSafeSvc;KSafe service;c:\users\Susa\AppData\Local\Temp\RarSFX2\KSafeSvc.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 181344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2010-11-12 254720]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
S0 PsBoot;Panda boot driver;c:\windows\system32\Drivers\PsBoot.sys [2014-03-11 36896]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2009-02-12 22312]
S1 iSafeKrnl;YAC Mini-Filter Driver;c:\program files\Elex-tech\YAC\iSafeKrnl.sys [2015-05-04 226024]
S1 iSafeKrnlKit;YAC Kit Driver;c:\program files\Elex-tech\YAC\iSafeKrnlKit.sys [2015-05-04 96424]
S1 iSafeKrnlMon;YAC Monitor Driver;c:\program files\Elex-tech\YAC\iSafeKrnlMon.sys [2015-05-04 43536]
S1 iSafeKrnlR3;YAC Ring3 Driver;c:\program files\Elex-tech\YAC\iSafeKrnlR3.sys [2015-05-04 71744]
S1 iSafeNetFilter;YAC NDIS Driver;c:\windows\system32\DRIVERS\iSafeNetFilter.sys [2015-04-17 44712]
S1 MpKsl7a5f7055;MpKsl7a5f7055;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7CCF7F2-896B-4064-9DEF-B1156AB07AD2}\MpKsl7a5f7055.sys [2015-05-11 39464]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2015-02-09 86800]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2015-02-09 202128]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys [2015-02-09 109584]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2015-02-09 126480]
S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2014-12-31 41744]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2015-02-09 99856]
S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2015-02-09 61712]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2015-02-09 120592]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2015-02-09 281232]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2015-02-09 205456]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2015-02-09 108432]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2015-02-09 239888]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2015-02-09 94864]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2015-02-25 168208]
S2 iSafeService;YAC Service;c:\program files\Elex-tech\YAC\iSafeSvc.exe [2015-05-04 118048]
S2 NanoServiceMain;Panda Protection Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2015-02-26 142584]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408]
S2 PandaAgent;Panda Devices Agent;c:\program files\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-10-09 66808]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2015-02-25 140048]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2015-02-25 105232]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2015-02-25 113936]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2015-02-25 124688]
S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys [2015-02-25 100624]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2015-02-26 38136]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-08-20 76544]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2015-01-30 284472]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [2015-01-29 50320]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL7A5F7055
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 12:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.default-search.net?sid=503&aid=100&itype=n&ver=13486&tm=-15857&src=hmp
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
TCP: Interfaces\{04249BF3-5A3C-470E-B268-B245EEC7619D}: NameServer = 10.9.11.21 10.9.11.22
TCP: Interfaces\{6FA091DD-49A7-4823-B497-2530D0C725C8}: NameServer = 10.9.11.21 10.9.11.22
TCP: Interfaces\{9E627CDD-5B74-4F06-9730-F4E8177C80CD}: NameServer = 197.199.255.254 217.52.47.130
TCP: Interfaces\{A03844A5-6509-4E10-9EBE-F4FF20585BD6}: NameServer = 10.9.11.21 10.9.11.22
TCP: Interfaces\{FBE4EBB7-63DF-4542-A57B-083B252058F2}: NameServer = 83.224.70.77 83.224.70.54
FF - ProfilePath - c:\users\Susa\AppData\Roaming\Mozilla\Firefox\Profiles\9ywxjygu.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKCU-Run-IDMGrHlp - wscript c:\users\Susa\AppData\Roaming\Adobe\Flash Player\SpeedCache\IDMGrHlp.vbs
MSConfigStartUp-KSafeTray - c:\users\Susa\AppData\Local\Temp\RarSFX2\\KSafeTray.exe
MSConfigStartUp-SunriseALDI Imola ModemListener - c:\program files\ALDI mobile SURF2GO\BackgroundService\ModemListener.exe
AddRemove-Windows Utils - c:\users\Susa\AppData\Roaming\Windows Net Data\uninstaller.exe
AddRemove-{084794F0-0128-DC37-009D-A67A5E1542C4} - c:\progra~2\INSTAL~3\{02CA1~1\Setup.exe
AddRemove-{115EB352-0CBC-D371-77A2-E91D5A1C1934} - c:\progra~2\INSTAL~3\{C7DD5~1\Setup.exe
AddRemove-{58D73002-9E4B-E502-CECE-EFC5C1DF716F} - c:\progra~2\INSTAL~3\{E433D~1\Setup.exe
AddRemove-{6AC6BA99-D4B5-CA45-2963-78E504FDED33} - c:\progra~2\INSTAL~3\{2C84A~1\Setup.exe
AddRemove-{A01F0F35-98E1-1034-163E-B55DA018D1E6} - c:\progra~2\INSTAL~3\{B9EC5~1\Setup.exe
AddRemove-{A6382BD9-A34C-4E25-ACCE-EB6E7DDB092F} - c:\progra~2\INSTAL~3\{A6382~1\Setup.exe
AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\ccontineuetoSSaave\uninstall.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-05-11  17:22:22
ComboFix-quarantined-files.txt  2015-05-11 15:22
.
Vor Suchlauf: 25,227,063,296 bytes free
Nach Suchlauf: 25,485,885,440 bytes free
.
- - End Of File - - C865DEC941062AA1A0302FEF2953D73C

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 12.05.2015, 07:04

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:

BleepingComputer.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

Driver::
iSafeKrnlBoot
iSafeKrnl
iSafeKrnlKit
iSafeKrnlMon
iSafeKrnlR3
iSafeNetFilter
File::
c:\windows\system32\DRIVERS\iSafeNetFilter.sys
c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys
Folder::
c:\program files\Elex-tech

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Suca · 12.05.2015, 12:04

ComboFix 15-05-09.01 - Susa 12/05/2015 8:35.2.2 - x86
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.49.1033.18.2046.1194 [GMT 2:00]
ausgeführt von:: c:\users\Susa\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Susa\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Panda Free Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Panda Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Panda Free Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
.
FILE ::
"c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys"
"c:\windows\system32\DRIVERS\iSafeNetFilter.sys"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Elex-tech
c:\program files\Elex-tech\YAC\bugreport.exe
c:\program files\Elex-tech\YAC\cfg\ccc.dat
c:\program files\Elex-tech\YAC\cfg\customscan.dat
c:\program files\Elex-tech\YAC\cfg\dbucg.dat
c:\program files\Elex-tech\YAC\cfg\hyperscan.dat
c:\program files\Elex-tech\YAC\cfg\isafe.dat
c:\program files\Elex-tech\YAC\cfg\quickscan.dat
c:\program files\Elex-tech\YAC\cfg\scanfilter.dat
c:\program files\Elex-tech\YAC\cfg\ucg.dat
c:\program files\Elex-tech\YAC\cfg\updatedb.dat
c:\program files\Elex-tech\YAC\curlpp.dll
c:\program files\Elex-tech\YAC\data\adb.dat
c:\program files\Elex-tech\YAC\data\bas.dat
c:\program files\Elex-tech\YAC\data\bts.dat
c:\program files\Elex-tech\YAC\data\bwd.dat
c:\program files\Elex-tech\YAC\data\cls.dat
c:\program files\Elex-tech\YAC\data\clx.dat
c:\program files\Elex-tech\YAC\data\dev.dat
c:\program files\Elex-tech\YAC\data\eas.dat
c:\program files\Elex-tech\YAC\data\ess.dat
c:\program files\Elex-tech\YAC\data\fst.dat
c:\program files\Elex-tech\YAC\data\gcs.dat
c:\program files\Elex-tech\YAC\data\gcx.dat
c:\program files\Elex-tech\YAC\data\hs.dat
c:\program files\Elex-tech\YAC\data\mic.dat
c:\program files\Elex-tech\YAC\data\nlu.dat
c:\program files\Elex-tech\YAC\data\pls.dat
c:\program files\Elex-tech\YAC\data\plx.dat
c:\program files\Elex-tech\YAC\data\rms.dat
c:\program files\Elex-tech\YAC\data\sta.dat
c:\program files\Elex-tech\YAC\data\stu.dat
c:\program files\Elex-tech\YAC\data\tbc.dat
c:\program files\Elex-tech\YAC\data\uis.dat
c:\program files\Elex-tech\YAC\data\was.dat
c:\program files\Elex-tech\YAC\data\ysm.dat
c:\program files\Elex-tech\YAC\engine\cache\index.dat
c:\program files\Elex-tech\YAC\engine\defs\bs.dat
c:\program files\Elex-tech\YAC\engine\defs\sr.dat
c:\program files\Elex-tech\YAC\engine\defs\vn.dat
c:\program files\Elex-tech\YAC\engine\defs\ws.dat
c:\program files\Elex-tech\YAC\engine\trustzone\index.dat
c:\program files\Elex-tech\YAC\feedback.exe
c:\program files\Elex-tech\YAC\font\segoeui.ttf
c:\program files\Elex-tech\YAC\font\segoeuib.ttf
c:\program files\Elex-tech\YAC\iCommon.dll
c:\program files\Elex-tech\YAC\iCommu.dll
c:\program files\Elex-tech\YAC\iddmgr.dll
c:\program files\Elex-tech\YAC\iDesk.exe
c:\program files\Elex-tech\YAC\iDskDllPatch.dll
c:\program files\Elex-tech\YAC\iDskDllPatch64.dll
c:\program files\Elex-tech\YAC\iImportLib.dll
c:\program files\Elex-tech\YAC\ipcdl.exe
c:\program files\Elex-tech\YAC\ipcproxy.dll
c:\program files\Elex-tech\YAC\iSafe.exe
c:\program files\Elex-tech\YAC\isafeadfv.dll
c:\program files\Elex-tech\YAC\iSafeAdless.dll
c:\program files\Elex-tech\YAC\isafebase.dll
c:\program files\Elex-tech\YAC\isafebs.dll
c:\program files\Elex-tech\YAC\iSafeBugReport.exe
c:\program files\Elex-tech\YAC\iSafeCheckEngine.dll
c:\program files\Elex-tech\YAC\isafechlp.dll
c:\program files\Elex-tech\YAC\isafeclc.dll
c:\program files\Elex-tech\YAC\isafeclcv.dll
c:\program files\Elex-tech\YAC\isafeclean.dll
c:\program files\Elex-tech\YAC\iSafeDisp.dll
c:\program files\Elex-tech\YAC\iSafeEngineBase.dll
c:\program files\Elex-tech\YAC\iSafeEngineDisp.dll
c:\program files\Elex-tech\YAC\iSafeKrnl.sys
c:\program files\Elex-tech\YAC\iSafeKrnlBoot.sys
c:\program files\Elex-tech\YAC\iSafeKrnlCall.dll
c:\program files\Elex-tech\YAC\iSafeKrnlCall64.dll
c:\program files\Elex-tech\YAC\iSafeKrnlKit.sys
c:\program files\Elex-tech\YAC\iSafeKrnlMon.sys
c:\program files\Elex-tech\YAC\iSafeKrnlMonCall.dll
c:\program files\Elex-tech\YAC\iSafeKrnlR3.sys
c:\program files\Elex-tech\YAC\iSafeKrnlShell.dll
c:\program files\Elex-tech\YAC\isafeLottery.exe
c:\program files\Elex-tech\YAC\isafemadwc.dll
c:\program files\Elex-tech\YAC\isafembp.dll
c:\program files\Elex-tech\YAC\isafemc.dll
c:\program files\Elex-tech\YAC\isafemclv.dll
c:\program files\Elex-tech\YAC\isafemgc.dll
c:\program files\Elex-tech\YAC\iSafeMon.dll
c:\program files\Elex-tech\YAC\isafemoptv.dll
c:\program files\Elex-tech\YAC\isafemsmv.dll
c:\program files\Elex-tech\YAC\isafemvsv.dll
c:\program files\Elex-tech\YAC\iSafeNetFilter.sys
c:\program files\Elex-tech\YAC\iSafenpf.dll
c:\program files\Elex-tech\YAC\isafepxy.dll
c:\program files\Elex-tech\YAC\iSafeRKScanShell.dll
c:\program files\Elex-tech\YAC\isaferpt.dll
c:\program files\Elex-tech\YAC\isafesmgr.dll
c:\program files\Elex-tech\YAC\isafesopt.dll
c:\program files\Elex-tech\YAC\isafesptv.dll
c:\program files\Elex-tech\YAC\isafesv.dll
c:\program files\Elex-tech\YAC\iSafeSvc.exe
c:\program files\Elex-tech\YAC\iSafeSvc2.exe
c:\program files\Elex-tech\YAC\isafetbv.dll
c:\program files\Elex-tech\YAC\iSafeTHlp.exe
c:\program files\Elex-tech\YAC\iSafeTray.exe
c:\program files\Elex-tech\YAC\isafeupbiz.dll
c:\program files\Elex-tech\YAC\iSafeVirusScanner.exe
c:\program files\Elex-tech\YAC\iStart.exe
c:\program files\Elex-tech\YAC\iSvc.dll
c:\program files\Elex-tech\YAC\iSvc2.dll
c:\program files\Elex-tech\YAC\iTPAutoClean.dll
c:\program files\Elex-tech\YAC\iTPDesk.dll
c:\program files\Elex-tech\YAC\iTPFeedback.dll
c:\program files\Elex-tech\YAC\iTPFloaty.dll
c:\program files\Elex-tech\YAC\iTPMsgCenter.dll
c:\program files\Elex-tech\YAC\iTpNodisturb.dll
c:\program files\Elex-tech\YAC\iTPProtect.dll
c:\program files\Elex-tech\YAC\iTPPush.dll
c:\program files\Elex-tech\YAC\iTPStartupAssist.dll
c:\program files\Elex-tech\YAC\iTPVirus.dll
c:\program files\Elex-tech\YAC\lang\AdBlock_lang.xml
c:\program files\Elex-tech\YAC\lang\adwclean_lang.xml
c:\program files\Elex-tech\YAC\lang\bugreport.xml
c:\program files\Elex-tech\YAC\lang\clean_lang.xml
c:\program files\Elex-tech\YAC\lang\clean_scanfilter_lang.xml
c:\program files\Elex-tech\YAC\lang\common_lang.xml
c:\program files\Elex-tech\YAC\lang\dsk_lang.xml
c:\program files\Elex-tech\YAC\lang\fblang.xml
c:\program files\Elex-tech\YAC\lang\iSafeRKScanShell.lang
c:\program files\Elex-tech\YAC\lang\iSafeSet_lang.xml
c:\program files\Elex-tech\YAC\lang\iSafeWifi_lang.xml
c:\program files\Elex-tech\YAC\lang\lang.xml
c:\program files\Elex-tech\YAC\lang\Lottery_lang.xml
c:\program files\Elex-tech\YAC\lang\new_clean_lang.xml
c:\program files\Elex-tech\YAC\lang\NewVirusScan_lang.xml
c:\program files\Elex-tech\YAC\lang\optimize_lang2.xml
c:\program files\Elex-tech\YAC\lang\PCClinicUI_lang.xml
c:\program files\Elex-tech\YAC\lang\plugin_lang.xml
c:\program files\Elex-tech\YAC\lang\SafeProtect_lang.xml
c:\program files\Elex-tech\YAC\lang\shell.xml
c:\program files\Elex-tech\YAC\lang\softmgr_lang.xml
c:\program files\Elex-tech\YAC\lang\startup_lang.xml
c:\program files\Elex-tech\YAC\lang\taskhelper_lang.xml
c:\program files\Elex-tech\YAC\lang\ToolBox_lang.xml
c:\program files\Elex-tech\YAC\lang\tray2_lang.xml
c:\program files\Elex-tech\YAC\lang\trayplugin_appstore_lang.xml
c:\program files\Elex-tech\YAC\lang\trayplugin_desk_lang.xml
c:\program files\Elex-tech\YAC\lang\trayplugin_feedback_lang.xml
c:\program files\Elex-tech\YAC\lang\trayplugin_floaty_lang.xml
c:\program files\Elex-tech\YAC\lang\trayplugin_nodisturb_lang.xml
c:\program files\Elex-tech\YAC\lang\trayplugin_protect_lang.xml
c:\program files\Elex-tech\YAC\lang\trayplugin_startupassist_lang.xml
c:\program files\Elex-tech\YAC\lang\trayplugin_virus_lang.xml
c:\program files\Elex-tech\YAC\lang\uninstall_lang.xml
c:\program files\Elex-tech\YAC\libcurl.dll
c:\program files\Elex-tech\YAC\libeay32.dll
c:\program files\Elex-tech\YAC\log\bugreport.zip
c:\program files\Elex-tech\YAC\log\ipcdl.log
c:\program files\Elex-tech\YAC\log\ipcproxy.log
c:\program files\Elex-tech\YAC\log\iSafeBS.log
c:\program files\Elex-tech\YAC\log\iSafeKrnlCall.log
c:\program files\Elex-tech\YAC\log\iSafeKrnlMonCall.log
c:\program files\Elex-tech\YAC\log\iSafeSvc.LOG
c:\program files\Elex-tech\YAC\log\iSafeSvc2.LOG
c:\program files\Elex-tech\YAC\main
c:\program files\Elex-tech\YAC\msvcp110.dll
c:\program files\Elex-tech\YAC\msvcr110.dll
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\adb_set.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\adb_set_gray.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\adb_set_hide.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\adb_set_hide_gray.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\adb_set_show.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\adb_set_show_gray.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\AdblockToggle.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\Add.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\Beta.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\check.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\Delete.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\edit_bg.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\FilterDesc.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\FilterDesc_gray.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\lock_ico.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\LogDetail.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\LogDetail_gray.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\opt_arrow_down.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\popup_menu_bk.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\popup_menu_itemskin.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\Resource.xml
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\unlocked_ico.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\WhiteList.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\image\default\WhiteList_gray.png
c:\program files\Elex-tech\YAC\skin2\AdBlock\layout\default\AdBlockView.xml
c:\program files\Elex-tech\YAC\skin2\AdBlock\style\Style.xml
c:\program files\Elex-tech\YAC\skin2\app\image\new\about_bg.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\activity.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\activity_bk.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\appstore_new.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\appstore_refresh.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\BG.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\btn_set.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\check_checked.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\check_indeterminate.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\check_uncheck.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\cm_iconlist.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\combo_browser_dropdown_bk.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\connecting_anim.gif
c:\program files\Elex-tech\YAC\skin2\app\image\new\dbup_dlg_bk.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\dbup_dlg_bk_arrow.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\dbup_dlg_onekey_up_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\dbup_dlg_reboot_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\bk_bag.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\bk_green.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\bk_orange.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\bk_red.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\btn_repair.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_adblock_icon.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_back_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_cancel.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_do.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_number_0.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_health_number_hover.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_health_number_normal.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_health_number_pressed.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_health_plus_normal.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_number_hover.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_number_hover_red.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_number_normal.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_number_normal_red.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_number_pressed.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_number_pressed_red.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_ok_icon.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_plus_normal.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_rubbish_icon.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_rubbish_icon_warning.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_safe_protect_icon.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_safe_protect_icon_warning.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_scanning_mid.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_scanning_pic.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_scanning_small.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_softmgr_icon.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_softmgr_icon_warning.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_sys_opt_icon.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_sys_opt_icon_warning.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_tip_wnd_arrow_bk.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_tip_wnd_bk.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_tip_wnd_bk2.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_type_btn_bottom_line.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_bn.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_gb.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_health_bn.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_health_kn.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_health_mn.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_kb.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_kn.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_mb.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_mn.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\exam_vscroll.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\green_right.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\icon_big_home.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\ignore_icon.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\manual_icon.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\manual_item.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\number_big_green.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\number_big_red.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\number_big_red2.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\opt_arrow_down.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\opt_arrow_up.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\right_green.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\score_none.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\warning_blue.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\warning_gray.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\warning_red.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\warning_yellow.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\exam\yellow_wrong.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\head_checked.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\head_indeteminate.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\head_unchecked.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\icon_adblock.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\icon_adw_clean.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\icon_appstore.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\icon_avira.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\icon_deep_clean.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\icon_exam.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\icon_netmon.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\icon_optimize.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\icon_protect.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\icon_recovery.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\icon_softmgr.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\icon_toolbox.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\icon_virusscan.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\if_block.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\if_prompt.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\if_question.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\if_warning.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\language_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\language_selected_bk.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\like.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\like_count.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\line1.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\line2.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\listctrlbtn.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\menu_bkg.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\menu_bkg2.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\menu_item_over.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\menu_nation_iconlist.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\menu_setting_over.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\msgbox_bk.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\number_bg.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\number_bg2.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\pop_sys_button2.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\pop_sys_close.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\progressbar_anim.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\progressbar_bk.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\progressbar_image.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\recovery.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\resource.xml
c:\program files\Elex-tech\YAC\skin2\app\image\new\setting.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\setting_img_list.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\slidebutton_bg.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\small_dl.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\small_download.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\small_new.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\small_progress.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\small_progress_bk.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\special_line.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\startmenu_deepclean.ico
c:\program files\Elex-tech\YAC\skin2\app\image\new\sub_toggle_btn.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\sys_imglist.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\tab_bg.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\update_check.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\update_cheking.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\update_chk_err.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\update_chk_ok.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\update_client_icon.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\update_downlodaing.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\update_error.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\update_icon.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\update_latest.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\update_server_icon.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\updatedlg_ok_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\vscroll.png
c:\program files\Elex-tech\YAC\skin2\app\image\new\wifi_logo.png
c:\program files\Elex-tech\YAC\skin2\app\layout\new\aboutdlg.xml
c:\program files\Elex-tech\YAC\skin2\app\layout\new\dbupdatedlg.xml
c:\program files\Elex-tech\YAC\skin2\app\layout\new\DemoApp.xml
c:\program files\Elex-tech\YAC\skin2\app\layout\new\language_select.xml
c:\program files\Elex-tech\YAC\skin2\app\layout\new\maindlg.xml
c:\program files\Elex-tech\YAC\skin2\app\layout\new\msgbox.xml
c:\program files\Elex-tech\YAC\skin2\app\layout\new\slide_button_wnd.xml
c:\program files\Elex-tech\YAC\skin2\app\layout\new\tipwnd.xml
c:\program files\Elex-tech\YAC\skin2\app\layout\new\updatedlg.xml
c:\program files\Elex-tech\YAC\skin2\app\style\style_new.xml
c:\program files\Elex-tech\YAC\skin2\bugreport\image\default\res\bg.png
c:\program files\Elex-tech\YAC\skin2\bugreport\image\default\res\crash_ico.png
c:\program files\Elex-tech\YAC\skin2\bugreport\image\default\res\detail_bg.png
c:\program files\Elex-tech\YAC\skin2\bugreport\image\default\res\error_ico.png
c:\program files\Elex-tech\YAC\skin2\bugreport\image\default\res\input.png
c:\program files\Elex-tech\YAC\skin2\bugreport\image\default\res\reset_yac_btn_bg.png
c:\program files\Elex-tech\YAC\skin2\bugreport\image\default\res\send_btn_bg.png
c:\program files\Elex-tech\YAC\skin2\bugreport\image\default\res\smell_ico.png
c:\program files\Elex-tech\YAC\skin2\bugreport\image\default\res\sorry_ico.png
c:\program files\Elex-tech\YAC\skin2\bugreport\image\default\res\sucess_ico.png
c:\program files\Elex-tech\YAC\skin2\bugreport\image\default\res\vscroll.png
c:\program files\Elex-tech\YAC\skin2\bugreport\image\default\res\wait.png
c:\program files\Elex-tech\YAC\skin2\bugreport\image\default\res\wait_ico.png
c:\program files\Elex-tech\YAC\skin2\bugreport\image\default\res\waitting_ico.png
c:\program files\Elex-tech\YAC\skin2\bugreport\image\default\resource.xml
c:\program files\Elex-tech\YAC\skin2\bugreport\layout\default\detailwnd.xml
c:\program files\Elex-tech\YAC\skin2\bugreport\layout\default\mainwnd.xml
c:\program files\Elex-tech\YAC\skin2\bugreport\style\style.xml
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_advance_item_bk.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_advance_item_bk2.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_adware_icon.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_auto_clean_ico.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_clean_smile_face.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_full_scan_virus_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_junk_icon.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_list_header_bk.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_plugin_can_delete.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_plugin_can_disable.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_plugin_icon.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_plugin_normal.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_plugin_type_iconlist.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_privacy_icon.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_quick_clean_iconlist.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_quickclean_ico.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_reg_iconlist.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_registry_ico.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_rubbish_ico.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_scan_check.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_scan_detail_dlg_bk.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_share_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_sysmenu_ico.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\cl_trace_ico.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\cl_combo_skin.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\cl_down_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\cl_menu_bk.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\cl_menu_item_over.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\cl_up_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_button_bk1.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_button_bk2.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_button_bk3.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_button_bk4.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_button_bk5.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_button_bk6.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_pop_box_select_bk.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_pop_button_open.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_pop_default_image.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_pop_eye_bk.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_pop_file_browser.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_pop_path_edit.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_pop_progress_animate.gif
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_pop_tipwnd_warnning.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_togbtn_bg.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\clean_res.xml
c:\program files\Elex-tech\YAC\skin2\clean\image\default\opt_new_ico.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\opt_rightkeymenu_ico.png
c:\program files\Elex-tech\YAC\skin2\clean\image\default\opt_sendto_ico.png
c:\program files\Elex-tech\YAC\skin2\clean\layout\default\NewCleanPFSettingDlg.xml
c:\program files\Elex-tech\YAC\skin2\clean\layout\default\NewCleanPopDlg.xml
c:\program files\Elex-tech\YAC\skin2\clean\layout\default\NewCleanView.xml
c:\program files\Elex-tech\YAC\skin2\clean\layout\default\ScanDetailDlg.xml
c:\program files\Elex-tech\YAC\skin2\clean\layout\default\Tipswnd.xml
c:\program files\Elex-tech\YAC\skin2\clean\style\clean_style.xml
c:\program files\Elex-tech\YAC\skin2\common\image\default\arrow_down.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\arrow_up.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\check_checked.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\check_indeterminate.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\check_uncheck.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\close_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\color_blue_bg.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\color_green_bg.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\color_red_bg.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\color_yellow_bg.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\common_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\common_dlg_bk.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\common_faq_icon.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\common_res.xml
c:\program files\Elex-tech\YAC\skin2\common\image\default\common_tip_icon.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\feedback_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\head_checked.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\head_indeteminate.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\head_unchecked.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\if_block.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\if_prompt.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\if_question.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\if_warning.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\min_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\msgbox_bk.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\msgbox_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\msgbox_close_btn.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\msgbox2_button_blue.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\msgbox2_button_green.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\msgbox2_warning.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\nation_icon_list.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\progressbar_anim.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\progressbar_bk.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\progressbar_image.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\pvb_line.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\pvb_skin.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\scan_check.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\scan_complete.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\scan_scanning.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\scan_warning.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\scanview_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\switch_button_off.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\switch_button_on.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\toggle_btn_pop_bk.png
c:\program files\Elex-tech\YAC\skin2\common\image\default\vscroll.png
c:\program files\Elex-tech\YAC\skin2\common\layout\msgbox.xml
c:\program files\Elex-tech\YAC\skin2\common\layout\msgbox2.xml
c:\program files\Elex-tech\YAC\skin2\common\style\common_style.xml
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\close_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_add_file_bk.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_add_file_icon.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_btn_bk1.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_btn_bk2.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_complete_icon.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_ctrl_close_btn.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_edit_skin.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_file_ctrl_bk.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_file_icon.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_live_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_msgbox_bk.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_msgbox_warning.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_pay_icon.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_problem_icon.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_report_icon.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_suggestion_icon.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_tip_bk.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_wait_anim.gif
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_warning_icon.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\fb_yac_icon.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\resource.xml
c:\program files\Elex-tech\YAC\skin2\fbSkin\image\default\tab_bg.png
c:\program files\Elex-tech\YAC\skin2\fbSkin\layout\default\feedback_view.xml
c:\program files\Elex-tech\YAC\skin2\fbSkin\layout\default\mainwnd2.xml
c:\program files\Elex-tech\YAC\skin2\fbSkin\layout\default\msgbox.xml
c:\program files\Elex-tech\YAC\skin2\fbSkin\style\style.xml
c:\program files\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_1.png
c:\program files\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_2.png
c:\program files\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_3.png
c:\program files\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_4.png
c:\program files\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_5.png
c:\program files\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_default.png
c:\program files\Elex-tech\YAC\skin2\iDesk\desk_bkg_list.xml
c:\program files\Elex-tech\YAC\skin2\iDesk\foldericon\app.ico
c:\program files\Elex-tech\YAC\skin2\iDesk\foldericon\file.ico
c:\program files\Elex-tech\YAC\skin2\iDesk\foldericon\folder.ico
c:\program files\Elex-tech\YAC\skin2\iDesk\foldericon\picture.ico
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\add_list_over.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\add_list_til_line.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\app.ico
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\arrange_arrow.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\arrange_arrow_b.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\arrange_arrow_l.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\arrange_arrow_r.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\arrange_arrow_t.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\btn_close.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\btn_green_bg.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\check_uncheck.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\main_bg.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\arrow_left.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\arrow_right.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\btn_accelerate_bg.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\button_delete.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\button_selected.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\check_checked.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\check_uncheck.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\cloud_flash.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\combo_skin.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\combo_skin_op.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\customize.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\default_file.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\delete_button.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_all_import.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_bkg_default.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_btn_dkg.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_button_bk.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_close.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_cmd_list.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_default_bk.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_dlg_bk.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_edit.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_edit_light.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_fbar.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_arrow_left.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_arrow_right.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_button_bk.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_gridctrl_bk.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_icon_add_other.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_icon_list_add.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_list.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_list_light.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_loading.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_main_panel_edge.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_menu.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_more.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_pc.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_plus_import_bkg_a.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_plus_import_bkg_b.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_power_off.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_power_off_light.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_power_off_unlight.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\desk_skin.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\deskbtnbk.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\edit_skin.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\edit_skin_op.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\file.ico
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\focus_next.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\focus_prev.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\folder.ico
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\icon_adblock_18-18.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\icon_adblock_22-22.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\icon_arrange.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\icon_Tip.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\idesk_pre_view.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\idesk_pre_view_a.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\import_scroll.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\improve_arrow.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\large_add_icon.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\line-foot.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\list_scroll.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\logo_small.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\menu_accelerate.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\menu_arrow.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\menu_bk.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\menu_close.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\menu_help.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\menu_icon.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\menu_import.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\menu_noad.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\menu_open.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\menu_quit.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\menu_restore.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\menu_sendto.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\menu_set.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\menuitem_selbk.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\monitor_button_next.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\monitor_button_pre.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\mousechoose.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\mypc_bkg.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\new_icon.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\new_icon_large.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\new_icon_small.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\new_icon_xp.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\normal_button_close.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\nothing.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\PageBtnBkg.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\PageBtnBkg_focus.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\PageNavigate.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\pic-error.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\pic-info.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\pic-question.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\pic-warning.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\picture.ico
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\plus_action_bg.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\resource.xml
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\search_box.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\search_button.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\search_close.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\selected.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\shutdown_button_bkg.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\shutdown_more_button_bkg.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\start_button_hover.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\start_panel_bkg.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\start_shutdown_arrow.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\switch_style.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\sys_ctrl_panel.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\sys_imglist.bmp
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\sys_local_driver.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\sys_lock.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\sys_menu_bkg.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\sys_net_connect.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\sys_recycle.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\sys_restart.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\sys_sleep.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_firstrun_bottom.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_firstrun_left.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_firstrun_right.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_firstrun_top.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_introduce_bottom.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_introduce_left.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_introduce_right.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_introduce_top.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_close.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_add_focus.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_arrow_bottom.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_arrow_left.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_arrow_right.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_arrow_right_large.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_browser_focus.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_focus_mask_point.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_focus_mask_rect.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_item_drag.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_item_focus.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_point.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\tips_button_close.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\title_bar.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\user_account_default.bmp
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\vscroll.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\WIN7_bj_X.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\WIN7_bj_Y.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\WIN7_bjSmall_X.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\WIN7_bjSmall_Y.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\win8_desk_16_over.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\win8_desk_32_over.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\XP_bj_hover.png
c:\program files\Elex-tech\YAC\skin2\iDesk\image\default\XP_bj_normal.png
c:\program files\Elex-tech\YAC\skin2\iDesk\layout\default\add_shortcut_tip.xml
c:\program files\Elex-tech\YAC\skin2\iDesk\layout\default\arrange_desktop.xml
c:\program files\Elex-tech\YAC\skin2\iDesk\layout\default\desk_bkg.xml
c:\program files\Elex-tech\YAC\skin2\iDesk\layout\default\desk_taskbar_help_tip1.xml
c:\program files\Elex-tech\YAC\skin2\iDesk\layout\default\desk_taskbar_help_tip2.xml
c:\program files\Elex-tech\YAC\skin2\iDesk\layout\default\main_import_icon.xml
c:\program files\Elex-tech\YAC\skin2\iDesk\layout\default\main_panel.xml
c:\program files\Elex-tech\YAC\skin2\iDesk\layout\default\main_setting.xml
c:\program files\Elex-tech\YAC\skin2\iDesk\layout\default\main_start.xml
c:\program files\Elex-tech\YAC\skin2\iDesk\layout\default\my_pc_menu.xml
c:\program files\Elex-tech\YAC\skin2\iDesk\layout\default\plus_import_icon.xml
c:\program files\Elex-tech\YAC\skin2\iDesk\layout\default\rename.xml
c:\program files\Elex-tech\YAC\skin2\iDesk\layout\default\taskbar.xml
c:\program files\Elex-tech\YAC\skin2\iDesk\style\style.xml
c:\program files\Elex-tech\YAC\skin2\iSafeSet\image\default\about.png
c:\program files\Elex-tech\YAC\skin2\iSafeSet\image\default\adb.png
c:\program files\Elex-tech\YAC\skin2\iSafeSet\image\default\bep.png
c:\program files\Elex-tech\YAC\skin2\iSafeSet\image\default\bth.png
c:\program files\Elex-tech\YAC\skin2\iSafeSet\image\default\check.png
c:\program files\Elex-tech\YAC\skin2\iSafeSet\image\default\dse.png
c:\program files\Elex-tech\YAC\skin2\iSafeSet\image\default\emailprotect.png
c:\program files\Elex-tech\YAC\skin2\iSafeSet\image\default\fw.png
c:\program files\Elex-tech\YAC\skin2\iSafeSet\image\default\general.png
c:\program files\Elex-tech\YAC\skin2\iSafeSet\image\default\iSafeSet_res.xml
c:\program files\Elex-tech\YAC\skin2\iSafeSet\image\default\jfm.png
c:\program files\Elex-tech\YAC\skin2\iSafeSet\image\default\lang.png
c:\program files\Elex-tech\YAC\skin2\iSafeSet\image\default\lang_btn_bg.png
c:\program files\Elex-tech\YAC\skin2\iSafeSet\image\default\nation_icon_list.png
c:\program files\Elex-tech\YAC\skin2\iSafeSet\layout\default\iSafeSetView.xml
c:\program files\Elex-tech\YAC\skin2\iSafeSet\style\iSafeSet_style.xml
c:\program files\Elex-tech\YAC\skin2\Lottery\layout\default\Lottery.xml
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\birds.ico
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\game_btn_bg.png
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\game_btn_big_bg.jpg
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\game_btn_big_fg.png
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\game_neterror_tips.png
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\game1_btn_fg.png
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\game2_btn_fg.png
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\game3_btn_fg.png
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\game4_btn_fg.png
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\Gibbets.ico
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\gift.png
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\gift_neterror_tips.png
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\glops.ico
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\loading_big.png
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\Lottery_BG.png
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\Lottery_logo.png
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\pc.png
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\play.png
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\Resource.xml
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\Toggle_left_btn.png
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\Toggle_right_btn.png
c:\program files\Elex-tech\YAC\skin2\Lottery\resouce\default\zuma.ico
c:\program files\Elex-tech\YAC\skin2\Lottery\style\Style.xml
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_arrow_down.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_arrow_up.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_bk.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_button_bk.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_close_button.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_indeterminate.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_loading.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_logo.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_minimum_button.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_num.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_num_percent.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_num_white.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_brush.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_complete.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_dl_brush.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_dl_complete.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_dl_start.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_install_brush.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_normal.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_op_complete.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_warning.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_point.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_res.xml
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_select.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_speed_bar.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unable.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unit_b.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unit_gb.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unit_kb.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unit_mb.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unselect.png
c:\program files\Elex-tech\YAC\skin2\NewClean\image\newclean\vscroll.png
c:\program files\Elex-tech\YAC\skin2\NewClean\layout\newclean\NewCleanDlg.xml
c:\program files\Elex-tech\YAC\skin2\NewClean\layout\newclean\tipsWnd.xml
c:\program files\Elex-tech\YAC\skin2\NewClean\style\new_clean_style.xml
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\opt_appsvc_icon.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\opt_arrow_down_icon.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\opt_arrow_up_icon.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\opt_boottime_nodata_ico.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\opt_combo.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\opt_combo_bk_bottom.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\opt_combo_bk_top.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\opt_combo_dropdown_bk.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\opt_menu_item_over.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\opt_startup_app_icon.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\opt_sysmenu_def_ico.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\opt_syssvc_icon.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\opt_taskschedule_icon.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\opt_type_iconlist.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\opt_vert_line.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\optimize_btn_bg.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\optimize_empty.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\optimize_restore_bg.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\pop_OptDlg_BG.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\resource.xml
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\st_green.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\st_orange.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\st_red.png
c:\program files\Elex-tech\YAC\skin2\optimize2\image\default\syssvc_ico.png
c:\program files\Elex-tech\YAC\skin2\optimize2\layout\default\optimize_popdlg.xml
c:\program files\Elex-tech\YAC\skin2\optimize2\layout\default\OptimizeView.xml
c:\program files\Elex-tech\YAC\skin2\optimize2\style\style.xml
c:\program files\Elex-tech\YAC\skin2\plugin\image\default\plug_ico.png
c:\program files\Elex-tech\YAC\skin2\plugin\image\default\plug_norm.png
c:\program files\Elex-tech\YAC\skin2\plugin\image\default\plug_sec_level.png
c:\program files\Elex-tech\YAC\skin2\plugin\image\default\plug_should_del.png
c:\program files\Elex-tech\YAC\skin2\plugin\image\default\plug_should_dis.png
c:\program files\Elex-tech\YAC\skin2\plugin\image\default\plugin_res.xml
c:\program files\Elex-tech\YAC\skin2\plugin\layout\default\PluginView.xml
c:\program files\Elex-tech\YAC\skin2\plugin\style\plugin_style.xml
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\bing_ico.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\blank_ico.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\bo.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\bp.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\bw.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\cdbh.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\cdsh.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\check.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\chph.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\chrome_ico.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\cseh.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\dp.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\edit_bg.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\edit_ico.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\edit_skin.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\empty.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\exam_dlg_bg.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\exam_radio_checked.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\exam_radio_unchecked.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\firefix_ico.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\fr.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\google_ico.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\google_small.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\ie_ico.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\iph.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\lastsession_ico.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\lock_ico.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\locked_ico.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\oh.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\opera_ico.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\opt.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\opt_vert_line.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\pop_OptDlg_BG.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\pop_toggle_btn_bg.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\popup_menu_bk.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\popup_menu_itemskin.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\pwb.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\query_btn_safe.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\SafeProtect_res.xml
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\savebtn_bg.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\syssvc_ico.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\to.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\tp.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\tw.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\unlocked_ico.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\yac_ico.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\yahoo_ico.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\image\default\yahoo_small.png
c:\program files\Elex-tech\YAC\skin2\SafeProtect\layout\default\examdlg.xml
c:\program files\Elex-tech\YAC\skin2\SafeProtect\layout\default\SafeProtect_popdlg.xml
c:\program files\Elex-tech\YAC\skin2\SafeProtect\layout\default\SafeProtectView.xml
c:\program files\Elex-tech\YAC\skin2\SafeProtect\style\SafeProtect_style.xml
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm_common_btn_bk1.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm_common_btn_bk2.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm_menu_bkg.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm_menu_item_over.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm_remain_ctrl_iconlist.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm_software_def_ico_20.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm_warning_ico.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_check_arrow_bk.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_close_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_collapse_arrow.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_expand_arrow.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_folder_icon.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_opt_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_progbar_anim_bk.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_progbar_indicator.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_progbar_indicator_green.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_search_box_bk.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_search_icon.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_software_def_ico_48.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_step_found.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_step_nofound.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_uninst_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_vscroll.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_warning_icon.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\sm2_whirling_pic.png
c:\program files\Elex-tech\YAC\skin2\softmgr\image\default\softmgr_res.xml
c:\program files\Elex-tech\YAC\skin2\softmgr\layout\default\softmgr_guide.xml
c:\program files\Elex-tech\YAC\skin2\softmgr\layout\default\softmgr_guide2.xml
c:\program files\Elex-tech\YAC\skin2\softmgr\layout\default\softmgr_result.xml
c:\program files\Elex-tech\YAC\skin2\softmgr\layout\default\SoftMgrView.xml
c:\program files\Elex-tech\YAC\skin2\softmgr\layout\default\SoftMgrView2.xml
c:\program files\Elex-tech\YAC\skin2\softmgr\style\softmgr_style.xml
c:\program files\Elex-tech\YAC\skin2\TaskHelper\image\default\res\bg.png
c:\program files\Elex-tech\YAC\skin2\TaskHelper\image\default\res\btn_bg_1.png
c:\program files\Elex-tech\YAC\skin2\TaskHelper\image\default\res\btn_bg_2.png
c:\program files\Elex-tech\YAC\skin2\TaskHelper\image\default\res\smell_ico.png
c:\program files\Elex-tech\YAC\skin2\TaskHelper\image\default\res\sorry_ico.png
c:\program files\Elex-tech\YAC\skin2\TaskHelper\image\default\res\taskhlp_ac_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\TaskHelper\image\default\res\taskhlp_ac_iconlist.png
c:\program files\Elex-tech\YAC\skin2\TaskHelper\image\default\res\vscroll.png
c:\program files\Elex-tech\YAC\skin2\TaskHelper\image\default\res\wait.png
c:\program files\Elex-tech\YAC\skin2\TaskHelper\image\default\res\wait_ico.png
c:\program files\Elex-tech\YAC\skin2\TaskHelper\image\default\resource.xml
c:\program files\Elex-tech\YAC\skin2\TaskHelper\layout\default\autoclean_guide.xml
c:\program files\Elex-tech\YAC\skin2\TaskHelper\layout\default\softuninstallwnd.xml
c:\program files\Elex-tech\YAC\skin2\TaskHelper\style\style.xml
c:\program files\Elex-tech\YAC\skin2\ToolBox\image\default\Resource.xml
c:\program files\Elex-tech\YAC\skin2\ToolBox\image\default\tb_close.png
c:\program files\Elex-tech\YAC\skin2\ToolBox\image\default\tb_default.png
c:\program files\Elex-tech\YAC\skin2\ToolBox\image\default\tb_download.png
c:\program files\Elex-tech\YAC\skin2\ToolBox\image\default\tb_new.png
c:\program files\Elex-tech\YAC\skin2\ToolBox\layout\default\ToolBoxView.xml
c:\program files\Elex-tech\YAC\skin2\ToolBox\style\Style.xml
c:\program files\Elex-tech\YAC\skin2\tray2\image\if_block.png
c:\program files\Elex-tech\YAC\skin2\tray2\image\if_prompt.png
c:\program files\Elex-tech\YAC\skin2\tray2\image\if_warning.png
c:\program files\Elex-tech\YAC\skin2\tray2\image\notify_bk_dang.png
c:\program files\Elex-tech\YAC\skin2\tray2\image\notify_bk_safe.png
c:\program files\Elex-tech\YAC\skin2\tray2\image\notify_bk_warning.png
c:\program files\Elex-tech\YAC\skin2\tray2\image\pop_sys_close.png
c:\program files\Elex-tech\YAC\skin2\tray2\image\query_bk_dang.png
c:\program files\Elex-tech\YAC\skin2\tray2\image\query_bk_safe.png
c:\program files\Elex-tech\YAC\skin2\tray2\image\query_bk_warning.png
c:\program files\Elex-tech\YAC\skin2\tray2\image\query_btn_dang.png
c:\program files\Elex-tech\YAC\skin2\tray2\image\query_btn_safe.png
c:\program files\Elex-tech\YAC\skin2\tray2\image\query_btn_warning.png
c:\program files\Elex-tech\YAC\skin2\tray2\image\resource.xml
c:\program files\Elex-tech\YAC\skin2\tray2\image\traymenu_dlg_bk2.png
c:\program files\Elex-tech\YAC\skin2\tray2\image\vscroll.png
c:\program files\Elex-tech\YAC\skin2\tray2\layout\pop\tippop.xml
c:\program files\Elex-tech\YAC\skin2\tray2\layout\traydlg.xml
c:\program files\Elex-tech\YAC\skin2\tray2\style\style.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Feedback\image\ad_arrow.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Feedback\image\adblock_guide_icon.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Feedback\image\pic_ad_off1.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Feedback\image\pic_ad_off2.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Feedback\image\pic_ad_on1.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Feedback\image\pic_ad_on2.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Feedback\image\resource.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Feedback\image\rubbish.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Feedback\image\traymenu_iconlist.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Feedback\layout\adblockguide.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Feedback\layout\cleartrash.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Feedback\layout\strongUnist.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Feedback\layout\traydlg.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Feedback\style\style.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\arrowdown_green.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\arrowup_orange.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\clean_junk_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\default_program_icon.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\download.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\download_gray.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_acc_circle_list_blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_acc_circle_list_orange.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_acc_circle_list_red.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_dec_circle_list_blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_dec_circle_list_orange.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_dec_circle_list_red.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_left_bk_blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_left_bk_orange.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_left_bk_red.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_right_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_round_bk_blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_round_bk_orange.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_round_bk_red.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_shadow_bk_blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_shadow_bk_orange.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_shadow_bk_red.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_whirling_blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_whirling_orange.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_whirling_red.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_btn_close_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_menu_iconlist.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_net_down_arrow.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_net_flow_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_net_up_arrow.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_numer.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_percent_bk_blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_percent_bk_orange.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_percent_bk_red.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_shadow_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_shadow_sh_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_shadow_sv_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_speed_test_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_arrow_left.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_arrow_rb.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_arrow_rb_red.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_arrow_right.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_arrow_rt.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_arrow_rt_red.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_close_btn.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_go_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_wnd_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_wnd_bk_red.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_rope_btn_bk_gl.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_rope_btn_bk_roulette.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_swing_anim_bk_gl.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_swing_anim_bk_roulette.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_throw_anim_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_throw_anim_round_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\trayF_float_tips_left.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\trayF_float_tips_right.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\floattray_bg.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\flow_number.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\flow_unit.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\IPicon.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\menu_bkg.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\menu_item_over.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\pop_memory_btn_green_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\pop_memory_btn_yellow_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\pop_network_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\resource.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\speed_number.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\speed_unit.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\sys_imglist.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\test_speed_download.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\test_speed_upload.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\testspeed_arrow.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\testspeed_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\testspeed_light.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\testspeed_light1.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\trayfloatarrow.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\trayfloatnetbtnico.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\traymenu_iconlist.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\upload.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\upload_gray.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\upload_gray_mark.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\image\yaclogo.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\floatplugin.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\floattipwnd.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\floattipwnd_hide.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\swing_anim.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\throwdlg.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\traydlg.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\trayfloaty2.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\trayfloatypop2.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\trayfloatypop2_bottom.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\trayTaskbar.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\trayTaskbar_wifi.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Floaty\style\style.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\foldericon\app.ico
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\foldericon\file.ico
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\foldericon\folder.ico
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\foldericon\picture.ico
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\app.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\btn_cancel.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\btn_close.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\btn_green_bg.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\file.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\folder.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\logo_small.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\main_bg.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\picture.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\yac_logo.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\image\idesk_icon.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\image\resource.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\image\traymenu_iconlist.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\layout\arrange_desktop.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\layout\traydlg.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\iDesk\style\style.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\MsgCenter\layout\default\MsgCenterDlg.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\MsgCenter\resouce\default\close.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\MsgCenter\resouce\default\logo.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\MsgCenter\resouce\default\Msg_BG.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\MsgCenter\resouce\default\Resource.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\MsgCenter\style\Style.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Nodisturb\image\pop_startup_slow_bg.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Nodisturb\image\pop_startup_warning_button.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Nodisturb\image\resource.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Nodisturb\image\tray_radio_checked.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Nodisturb\image\tray_radio_unchecked.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Nodisturb\image\traymenu_iconlist.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Nodisturb\image\traymenu_pop_cancel_btn2.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Nodisturb\image\traymenu_pop_ico_query.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Nodisturb\layout\traydlg.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Nodisturb\layout\traymenupop.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Nodisturb\style\style.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\bing_16_16.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\chrome_ico.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\combo_browser_dropdown_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\combo_browser2.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\combo_pop_modify.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\combo_pop_modify_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\combo_pop_modify2.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\combo_skin4.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\firefix_ico.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\google_16_16.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\ie_16_16.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\ie_ico.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\isafe_16.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\pop_startup_slow_bg.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\pop_startup_warning_button.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\resource.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\tray_radio_checked.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\tray_radio_unchecked.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\traymenu_iconlist.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\traymenu_pop_cancel_btn2.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\traymenu_pop_ico_query.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\image\yahoo_16_16.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\layout\accesslink.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\layout\blockblacklist.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\layout\lock_guide.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\layout\querymodify.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\layout\querymodify2.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\layout\traydlg.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\layout\traymenupop.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Protect\style\style.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\close.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\Location_ico.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\new_left.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\new_right.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_assistant_blue_number.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_assistant_yellow_number.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_startup_fast_bg.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_startup_nomall_button.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_startup_slow_bg.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_startup_warning_button.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_startupass_comb_bg.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_startupass_vscoll.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_sys_close.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_sys_Setting.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_sys_star.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\resource.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_anim_expand_bk_blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_anim_expand_bk_yellow.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_char_m.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_char_percent.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_char_s.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_close_btn_blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_close_btn_yellow.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_combo_drop_bk_blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_combo_drop_bk_yellow.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_combo_skin_blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_combo_skin_yellow.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_itemhover_bk_blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_itemhover_bk_yellow.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_location_blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_location_yellow.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_news_line_blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_news_line_yellow.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_number.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_number_fuzzy.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_optimize_btn.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_redpoint_large.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_redpoint_middle.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_redpoint_small.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_time_late_night_blue.jpg
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_time_late_night_yellow.jpg
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_time_morning_blue.jpg
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_time_morning_yellow.jpg
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_time_nightfall_blue.jpg
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_time_nightfall_yellow.jpg
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_time_noon_blue.jpg
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_time_noon_yellow.jpg
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_vscoll_blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_vscoll_yellow.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_cloudy_blue.jpg
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_cloudy_yellow.jpg
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_icon_large.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_icon_small.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_line_blue.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_line_yellow.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_rain_blue.jpg
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_rain_yellow.jpg
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_snow_blue.jpg
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_snow_yellow.jpg
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_thunder_blue.jpg
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_thunder_yellow.jpg
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_yac_logo.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\weather_icon.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\yellow.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\layout\daily_news.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\layout\startup_assist.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\layout\startup_assist_2.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\layout\startup_assist_3.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\layout\startup_assist_weather.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\StartupAssist\style\style.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\Anti_Malware.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\dtk_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\dtk_dlg_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\green_bk_new.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\green1_bk_new.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\point.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_safe.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_safe_bg.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_safe_btn.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_scan.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unknow.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unkown_bg.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unkown_btn.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unsafe.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unsafe_bg.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unsafe_btn.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unsafe_clear_bg.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unsafe_clear_btn.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unsafe_clear_ico.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unsafe_ico.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\resource.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\vip_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\image\vip_dlg_bk.png
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\layout\detectbrowserriskpop.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\layout\detectriskpop.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\layout\downloadprotect.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\layout\outdatepop.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\layout\premiumuserpop.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\layout\PrivilegeTerminateDlg.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\layout\updatevirussuccesspop.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\layout\virusdboutofdatepop.xml
c:\program files\Elex-tech\YAC\skin2\trayplugin\Virus\style\style.xml
c:\program files\Elex-tech\YAC\skin2\uninstall\image\av_authority_bk.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\combo_list.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\custom_check.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\custom_uncheck.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\dl_inst_antymal_icon.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\dl_inst_clean_icon.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\dl_inst_optimize_icon.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\dl_inst_protect_icon.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\exam_tip_wnd_arrow_bk.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\exam_tip_wnd_bk2.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\ico_app.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\ico_face.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\ico_upgrade.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\inst_cover_bg.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\install_bk.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\install_combo_skin.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\install_logo.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\install_prog_bk.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\install_prog_meter.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\open_dir.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\popup_bk.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\resource.xml
c:\program files\Elex-tech\YAC\skin2\uninstall\image\soft_cof_button_bk.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\soft_remove_button_bk.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninst_acc.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninst_btn_bg1.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninst_btn_bg2.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninst_clean.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninst_complete.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninst_cry.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninst_func_intr.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninst_func_up.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninst_func1.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninst_func3.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninst_input.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninst_prog_bg.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninst_progress.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninst_protect.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninst_spliter.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninstall_bg.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninstall_pic_1.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninstall_pic_2.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninstall_pic_3.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninstall_pic_4.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninstall_pic_5.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninstall_pic_6.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\uninstall_pic_7.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\upgrade_bg.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\upgrade_prog_bk.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\upgrade_prog_meter.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\vscroll.png
c:\program files\Elex-tech\YAC\skin2\uninstall\image\yac_side_ico.png
c:\program files\Elex-tech\YAC\skin2\uninstall\layout\cover.xml
c:\program files\Elex-tech\YAC\skin2\uninstall\layout\install.xml
c:\program files\Elex-tech\YAC\skin2\uninstall\layout\uninstall_logo_fade.xml
c:\program files\Elex-tech\YAC\skin2\uninstall\layout\uninstallpro.xml
c:\program files\Elex-tech\YAC\skin2\uninstall\layout\upgrade.xml
c:\program files\Elex-tech\YAC\skin2\uninstall\style\style.xml
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\avangate.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\avangateflag.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\button_blue.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\button_buy.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\button_green.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\button_yellow.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\buy_flag.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\centili.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\chooseoption_bk.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\chooseoption_close.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\close_message_box_warning.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\cseh.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\edit_skin.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\free_flag_icon.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\general_buy_icon.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\green_bk_new.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\green1_bk_new.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\guarantee.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\icoBW.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\icoBW_gray.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\icoDP.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\icoDP_gray.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\icoRS.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\icoRS_gray.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\main_item_status.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\mobileflag.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\new.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\pay_cancel.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\paypal.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\paypaldetail.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\paypalflag.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\point.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\premium_button_bk.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\premium_flag_icon.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\radio_checked.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\radio_unchecked.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\red_bk_new.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\result_danger.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\result_safe.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\risk_item_see_about_bk.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\skrill.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\skrillflag.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\trail_flag_icon.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_certification_list_bk.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_common_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_custom_scan.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_custom_scan_green.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_custom_scan_red.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_delete_btn.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_expdlg_collapse_arrow.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_expdlg_expand_arrow.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\Virus_feature.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\Virus_feature_right.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hover_btn_iconlist.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hover_tip_arrow.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hover_tip_bk.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hover_tip_iconlist.jpg
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hyper_scan.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hyper_scan_d.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hyper_scan_green.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hyper_scan_red.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_menu_bkg.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_menu_item_over.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_normal.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_quick_scan.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_quick_scan_green.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_quick_scan_red.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_red.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_restore_btn.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_scan_safe.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_scan_scaning.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_scan_virus.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_setting_icon.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_task_item_combo_skin.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_task_item_edit_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_task_item_save_btn_bk.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_update_db.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_update_db_out.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virus_yellow.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virusopt_btn_bg.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\virusopt_but_bg.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_Btn_BG.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_Loading.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_OptDlg_BG.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_res.xml
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_SetDlg_BG.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_SetDlg_Cancel_BTN_BG.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_SetDlg_EditSkin.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_Tab_Vert_Line.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\wait.gif
c:\program files\Elex-tech\YAC\skin2\VirusScan\image\default\yellow_bk_new.png
c:\program files\Elex-tech\YAC\skin2\VirusScan\layout\default\ChooseOptionMessageBox.xml
c:\program files\Elex-tech\YAC\skin2\VirusScan\layout\default\CloseMessageBox.xml
c:\program files\Elex-tech\YAC\skin2\VirusScan\layout\default\explorer_folder_dlg.xml
c:\program files\Elex-tech\YAC\skin2\VirusScan\layout\default\FinishScanFirstMessageBox.xml
c:\program files\Elex-tech\YAC\skin2\VirusScan\layout\default\InputEmailDlg.xml
c:\program files\Elex-tech\YAC\skin2\VirusScan\layout\default\TrialFeatureDlg.xml
c:\program files\Elex-tech\YAC\skin2\VirusScan\layout\default\virushovertip.xml
c:\program files\Elex-tech\YAC\skin2\VirusScan\layout\default\virusscan_popdlg.xml
c:\program files\Elex-tech\YAC\skin2\VirusScan\layout\default\virusscan_settingdlg.xml
c:\program files\Elex-tech\YAC\skin2\VirusScan\layout\default\VirusScanFeatureView.xml
c:\program files\Elex-tech\YAC\skin2\VirusScan\layout\default\VirusScanView.xml
c:\program files\Elex-tech\YAC\skin2\VirusScan\style\VirusScan_style.xml
c:\program files\Elex-tech\YAC\sqlite3.dll

Suca · 12.05.2015, 12:06

c:\program files\Elex-tech\YAC\ssleay32.dll
c:\program files\Elex-tech\YAC\tws\antirk.dll
c:\program files\Elex-tech\YAC\tws\common.ini
c:\program files\Elex-tech\YAC\tws\ctools.dll
c:\program files\Elex-tech\YAC\tws\decexp.dll
c:\program files\Elex-tech\YAC\tws\defs\base0000.dat
c:\program files\Elex-tech\YAC\tws\defs\base0001.dat
c:\program files\Elex-tech\YAC\tws\defs\catalog.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0000.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0001.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0002.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0003.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0004.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0005.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0006.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0007.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0008.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0009.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0010.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0011.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0012.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0013.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0014.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0015.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0016.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0017.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0018.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0019.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0020.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0021.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0022.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0023.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0024.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0025.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0026.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0027.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0028.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0029.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0030.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0031.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0032.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0033.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0034.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0035.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0036.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0037.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0038.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0039.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0040.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0041.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0042.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0043.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0044.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0045.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0046.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0047.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0048.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0049.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0050.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0051.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0052.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0053.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0054.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0055.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0056.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0057.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0058.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0059.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0060.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0061.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0062.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0063.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0064.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0065.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0066.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0067.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0068.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0069.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0070.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0071.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0072.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0073.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0074.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0075.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0076.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0077.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0078.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0079.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0080.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0081.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0082.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0083.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0084.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0085.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0086.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0087.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0088.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0089.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0090.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0091.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0092.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0093.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0094.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0095.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0096.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0097.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0098.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0099.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0100.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0101.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0102.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0103.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0104.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0105.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0106.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0107.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0108.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0109.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0110.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0111.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0112.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0113.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0114.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0115.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0116.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0117.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0118.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0119.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0120.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0121.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0122.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0123.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0124.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0125.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0126.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0127.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0128.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0129.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0130.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0131.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0132.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0133.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0134.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0135.dat
c:\program files\Elex-tech\YAC\tws\defs\gen0136.dat
c:\program files\Elex-tech\YAC\tws\emlib.dll
c:\program files\Elex-tech\YAC\tws\falgorit.dll
c:\program files\Elex-tech\YAC\tws\fddsdb.dat
c:\program files\Elex-tech\YAC\tws\fddslog.txt
c:\program files\Elex-tech\YAC\tws\fgui.dll
c:\program files\Elex-tech\YAC\tws\filau.dll
c:\program files\Elex-tech\YAC\tws\filcmn.dll
c:\program files\Elex-tech\YAC\tws\filcpt.dll
c:\program files\Elex-tech\YAC\tws\filppi.dll
c:\program files\Elex-tech\YAC\tws\filpps.ini
c:\program files\Elex-tech\YAC\tws\filup.dat
c:\program files\Elex-tech\YAC\tws\filup.ini
c:\program files\Elex-tech\YAC\tws\filuplog.txt
c:\program files\Elex-tech\YAC\tws\filvss.dll
c:\program files\Elex-tech\YAC\tws\filvss.ini
c:\program files\Elex-tech\YAC\tws\filwls\figs000.dat
c:\program files\Elex-tech\YAC\tws\filwls\fils000.dat
c:\program files\Elex-tech\YAC\tws\filwls\fols000.dat
c:\program files\Elex-tech\YAC\tws\filwls\fwgs000.dat
c:\program files\Elex-tech\YAC\tws\filwls\fwls000.dat
c:\program files\Elex-tech\YAC\tws\filwls\fwls001.dat
c:\program files\Elex-tech\YAC\tws\filwls\fwls002.dat
c:\program files\Elex-tech\YAC\tws\filwls\fwls003.dat
c:\program files\Elex-tech\YAC\tws\filwls\fwls004.dat
c:\program files\Elex-tech\YAC\tws\filwls\fwls005.dat
c:\program files\Elex-tech\YAC\tws\filwls\fwls006.dat
c:\program files\Elex-tech\YAC\tws\filwls\fwls007.dat
c:\program files\Elex-tech\YAC\tws\filwls\fwls008.dat
c:\program files\Elex-tech\YAC\tws\filwls\fwls009.dat
c:\program files\Elex-tech\YAC\tws\filwls\fwls010.dat
c:\program files\Elex-tech\YAC\tws\filwls\fwls011.dat
c:\program files\Elex-tech\YAC\tws\filwls\fwls012.dat
c:\program files\Elex-tech\YAC\tws\fsrexc.dat
c:\program files\Elex-tech\YAC\tws\fupd.dll
c:\program files\Elex-tech\YAC\tws\iSafeSvc2.exe
c:\program files\Elex-tech\YAC\tws\leave.dat
c:\program files\Elex-tech\YAC\tws\lsf.dll
c:\program files\Elex-tech\YAC\tws\mca.dll
c:\program files\Elex-tech\YAC\tws\message.dll
c:\program files\Elex-tech\YAC\tws\plugins\filavutd.dll
c:\program files\Elex-tech\YAC\tws\plugins\virut.tpl
c:\program files\Elex-tech\YAC\tws\plugmgr.dll
c:\program files\Elex-tech\YAC\tws\psmgr.dll
c:\program files\Elex-tech\YAC\tws\quarantine.dll
c:\program files\Elex-tech\YAC\tws\tsc.dll
c:\program files\Elex-tech\YAC\tws\twsdk.dll
c:\program files\Elex-tech\YAC\tws\twsupd.dll
c:\program files\Elex-tech\YAC\tws\twsupd.ini
c:\program files\Elex-tech\YAC\tws\unacev2.dll
c:\program files\Elex-tech\YAC\tws\unchm.dll
c:\program files\Elex-tech\YAC\tws\unemb.dll
c:\program files\Elex-tech\YAC\tws\unmisc.dll
c:\program files\Elex-tech\YAC\tws\unrar.dll
c:\program files\Elex-tech\YAC\tws\unsevzip.dll
c:\program files\Elex-tech\YAC\tws\unzip32.dll
c:\program files\Elex-tech\YAC\tws\vfst.dll
c:\program files\Elex-tech\YAC\tws\w32tools.dll
c:\program files\Elex-tech\YAC\tws\x64\psmgr.dll
c:\program files\Elex-tech\YAC\tws\zipexp.dll
c:\program files\Elex-tech\YAC\tws\zlib1.dll
c:\program files\Elex-tech\YAC\uninstall.exe
c:\program files\Elex-tech\YAC\uninstall.inst
c:\program files\Elex-tech\YAC\update\Engine0\upcfg.ini
c:\program files\Elex-tech\YAC\update\Engine1\bs.dat
c:\program files\Elex-tech\YAC\update\Engine1\sr.dat
c:\program files\Elex-tech\YAC\update\Engine1\vn.dat
c:\program files\Elex-tech\YAC\update\Engine1\ws.dat
c:\program files\Elex-tech\YAC\update\temp\dlcfg.ini
c:\program files\Elex-tech\YAC\update\temp\upcfg.ini
c:\program files\Elex-tech\YAC\user\co.dat
c:\program files\Elex-tech\YAC\user\softcache2.dat
c:\program files\Elex-tech\YAC\user\srd.dat
c:\program files\Elex-tech\YAC\user\svc2_com.dat
c:\program files\Elex-tech\YAC\YACcleaner.exe
c:\program files\Elex-tech\YAC\zlib1.dll
c:\programdata\ntuser.pol
c:\windows\system32\AdobePDF.dll
c:\windows\system32\DRIVERS\iSafeNetFilter.sys
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ISAFEKRNL
-------\Legacy_ISAFEKRNLKIT
-------\Legacy_ISAFEKRNLMON
-------\Legacy_ISAFEKRNLR3
-------\Legacy_ISAFENETFILTER
-------\Service_iSafeKrnl
-------\Service_iSafeKrnlBoot
-------\Service_iSafeKrnlKit
-------\Service_iSafeKrnlMon
-------\Service_iSafeKrnlR3
-------\Service_iSafeNetFilter
-------\Service_iSafeService
-------\Service_iSafeService
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-04-12 bis 2015-05-12 ))))))))))))))))))))))))))))))
.
.
2015-05-12 09:45 . 2015-04-04 06:39 9201616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4011043E-FA39-4DF4-B962-4D0A5B914A87}\mpengine.dll
2015-05-12 08:27 . 2015-05-12 09:57 -------- d-----w- c:\users\Susa\AppData\Local\temp
2015-05-12 08:27 . 2015-05-12 08:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-12 04:28 . 2015-05-12 04:28 -------- d-----w- c:\users\Susa\AppData\Local\Apple
2015-05-10 14:47 . 2015-04-04 06:39 9201616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-10 13:44 . 2015-05-10 13:44 -------- d-----w- c:\program files\VS Revo Group
2015-05-08 08:02 . 2015-05-08 08:02 -------- d-----w- c:\users\Susa\AppData\Local\Adobe
2015-05-07 17:27 . 2015-05-07 17:56 -------- d-----w- C:\FRST
2015-05-07 16:31 . 2015-05-07 16:45 -------- d-----w- C:\AdwCleaner
2015-05-07 14:03 . 2015-01-29 17:21 50320 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2015-05-07 13:56 . 2015-05-07 13:56 -------- d-----w- c:\users\Susa\AppData\Local\VirtualStore
2015-05-06 08:43 . 2015-05-06 08:43 -------- d-----w- c:\users\Susa\AppData\Local\Google
2015-05-06 08:38 . 2015-05-06 08:38 -------- d-----w- c:\users\Susa\AppData\Local\Adobe-BackupByIllustratorCS6Portable
2015-05-06 08:38 . 2015-05-06 09:01 -------- d-----w- c:\users\Susa\AppData\Roaming\Adobe-BackupByIllustratorCS6Portable
2015-05-06 06:10 . 2015-05-06 06:10 -------- d-----w- c:\users\Susa\AppData\Local\Macromedia
2015-05-06 06:01 . 2015-05-06 06:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
2015-05-05 21:10 . 2015-05-05 21:24 -------- d-----w- c:\users\Susa\AppData\Roaming\Adobe-BackupByPhotoshopCS6Portable
2015-05-05 21:10 . 2015-05-05 21:10 -------- d-----w- c:\users\Susa\AppData\Roaming\Panda Security
2015-05-05 20:59 . 2015-05-06 06:29 -------- d-----w- c:\users\Susa\AppData\Local\Adobe-BackupByPhotoshopCS6Portable
2015-05-05 08:55 . 2015-05-10 14:19 -------- d-----w- c:\programdata\boost_interprocess
2015-04-16 16:21 . 2015-04-16 16:21 -------- d-s---w- c:\windows\system32\CompatTel
2015-04-16 16:21 . 2015-04-16 16:21 -------- d-----w- c:\windows\system32\appraiser
2015-04-16 06:24 . 2015-04-16 06:24 -------- d-----w- c:\program files\Common Files\Skype
2015-04-15 12:28 . 2015-04-15 12:28 18178736 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2015-04-15 06:05 . 2015-03-05 04:06 305152 ----a-w- c:\windows\system32\gdi32.dll
2015-04-15 06:04 . 2015-03-13 02:42 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-04-15 06:04 . 2015-03-13 03:26 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-04-15 06:04 . 2015-03-13 02:56 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-04-15 06:04 . 2015-03-13 02:49 4305408 ----a-w- c:\windows\system32\jscript9.dll
2015-04-15 06:04 . 2015-02-25 03:03 514560 ----a-w- c:\windows\system32\drivers\http.sys
2015-04-15 05:54 . 2015-03-10 03:08 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-04-15 05:54 . 2015-03-10 03:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-15 12:29 . 2012-04-07 15:03 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-15 12:29 . 2011-10-26 17:46 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-25 21:32 . 2015-03-31 19:37 908832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1140ECC2-F7A1-4978-9F48-9EAE13EB8593}\gapaengine.dll
2015-03-25 21:32 . 2012-02-10 07:33 908832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-25 03:00 . 2015-04-15 06:04 35328 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:00 . 2015-04-15 06:04 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:00 . 2015-04-15 06:04 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:00 . 2015-04-15 06:04 29696 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:00 . 2015-04-15 06:04 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 06:04 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:00 . 2015-04-15 06:04 2020864 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:00 . 2015-04-15 06:04 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00 . 2015-04-15 06:04 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00 . 2015-04-15 06:04 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:00 . 2015-04-15 06:04 131584 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-17 04:57 . 2015-04-15 06:06 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-03-17 04:57 . 2015-04-15 06:06 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-17 04:57 . 2015-04-15 06:06 400896 ----a-w- c:\windows\system32\srcore.dll
2015-03-17 04:57 . 2015-04-15 06:06 43008 ----a-w- c:\windows\system32\srclient.dll
2015-03-17 04:57 . 2015-04-15 06:06 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-03-17 04:57 . 2015-04-15 06:06 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-17 04:57 . 2015-04-15 06:06 248832 ----a-w- c:\windows\system32\schannel.dll
2015-03-17 04:57 . 2015-04-15 06:06 22016 ----a-w- c:\windows\system32\secur32.dll
2015-03-17 04:56 . 2015-04-15 06:06 69632 ----a-w- c:\windows\system32\smss.exe
2015-03-17 04:56 . 2015-04-15 06:06 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-03-13 03:28 . 2015-04-15 06:04 503296 ----a-w- c:\windows\system32\vbscript.dll
2015-03-13 02:20 . 2015-04-15 06:05 1888256 ----a-w- c:\windows\system32\wininet.dll
2015-03-03 13:16 . 2011-10-26 16:02 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-26 03:11 . 2015-03-14 02:20 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-25 19:03 . 2015-02-25 19:03 124688 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2015-02-25 19:03 . 2015-02-25 19:03 100624 ----a-w- c:\windows\system32\drivers\PSINReg.sys
2015-02-25 19:03 . 2015-02-25 19:03 168208 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2015-02-25 19:03 . 2015-02-25 19:03 113936 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2015-02-25 19:02 . 2015-02-25 19:02 140048 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2015-02-25 19:02 . 2015-02-25 19:02 105232 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2015-02-25 17:58 . 2015-02-25 18:06 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-02-20 04:13 . 2015-03-11 05:27 26624 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:13 . 2015-03-11 05:27 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:13 . 2015-03-11 05:27 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:13 . 2015-03-11 05:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 03:09 . 2015-03-11 05:27 299008 ----a-w- c:\windows\system32\atmfd.dll
2015-02-17 14:26 . 2015-02-17 14:26 1217184 ----a-w- c:\windows\system32\FM20.DLL
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-11 14:05 220632 ----a-w- c:\users\Susa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-11 14:05 220632 ----a-w- c:\users\Susa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-11 14:05 220632 ----a-w- c:\users\Susa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Susa\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 978520]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2010-09-10 143360]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2015-02-26 40184]
.
c:\users\Susa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Susa\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"MaxGPOScriptWait"= 600 (0x258)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0PCloudBroom.exe \systemroot\system32\BroomData.bit
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 18:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2008-07-04 10:52 2072576 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 10:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
2010-09-10 08:01 143360 ----a-w- c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 Internet Everywhere. RunOuc;Internet Everywhere. OUC;c:\program files\Internet Everywhere\UpdateDog\ouc.exe [2012-12-11 657504]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 CFcatchme;CFcatchme;c:\combofix\CFcatchme.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 83168]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-30 11136]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-08-20 96000]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-08-20 27520]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-12-03 205312]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
R3 KSafeSvc;KSafe service;c:\users\Susa\AppData\Local\Temp\RarSFX2\KSafeSvc.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2015-01-30 284472]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 181344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2010-11-12 254720]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2009-02-12 22312]
S1 MpKsl7a5f7055;MpKsl7a5f7055;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7CCF7F2-896B-4064-9DEF-B1156AB07AD2}\MpKsl7a5f7055.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2015-02-09 86800]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2015-02-09 202128]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys [2015-02-09 109584]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2015-02-09 126480]
S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2014-12-31 41744]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2015-02-09 99856]
S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2015-02-09 61712]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2015-02-09 120592]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2015-02-09 281232]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2015-02-09 205456]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2015-02-09 108432]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2015-02-09 239888]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2015-02-09 94864]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2015-02-25 168208]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
S2 NanoServiceMain;Panda Protection Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2015-02-26 142584]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408]
S2 PandaAgent;Panda Devices Agent;c:\program files\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-10-09 66808]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2015-02-25 140048]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2015-02-25 105232]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2015-02-25 113936]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2015-02-25 124688]
S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys [2015-02-25 100624]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2015-02-26 38136]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-08-20 76544]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [2015-01-29 50320]
S4 PsBoot;Panda boot driver;c:\windows\system32\Drivers\PsBoot.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 12:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.default-search.net?sid=503&aid=100&itype=n&ver=13486&tm=-15857&src=hmp
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
TCP: Interfaces\{04249BF3-5A3C-470E-B268-B245EEC7619D}: NameServer = 10.9.11.21 10.9.11.22
TCP: Interfaces\{6FA091DD-49A7-4823-B497-2530D0C725C8}: NameServer = 10.9.11.21 10.9.11.22
TCP: Interfaces\{9E627CDD-5B74-4F06-9730-F4E8177C80CD}: NameServer = 197.199.255.254 217.52.47.130
TCP: Interfaces\{A03844A5-6509-4E10-9EBE-F4FF20585BD6}: NameServer = 10.9.11.21 10.9.11.22
TCP: Interfaces\{FBE4EBB7-63DF-4542-A57B-083B252058F2}: NameServer = 83.224.70.77 83.224.70.54
FF - ProfilePath - c:\users\Susa\AppData\Roaming\Mozilla\Firefox\Profiles\9ywxjygu.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-iSafe - c:\program files\Elex-tech\YAC\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2568)
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\Internet Everywhere\OnlineUpdate\ouc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\DllHost.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\users\Susa\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-12 12:08:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-05-12 10:07
ComboFix2.txt 2015-05-11 15:22
.
Vor Suchlauf: 25,298,440,192 bytes free
Nach Suchlauf: 26,137,444,352 bytes free
.
- - End Of File - - 447897EE848C1A1C2EC81F6734E21DC8
A36C5E4F47E84449FF07ED3517B43A31

Perfekt. YAC ist nicht mehr in den installierten Programmen gelistet. Ist es nun tatsaechlich weg?

schrauber · 13.05.2015, 06:59

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

11.05.2015, 09:46	#6
schrauber /// the machine /// TB-Ausbilder	Virus? iSafeSrvMon.dll Lass bitte Combofix laufen und poste mir das Logfile __________________ --> Virus? iSafeSrvMon.dll

Virus? iSafeSrvMon.dll

Plagegeister aller Art und deren Bekämpfung: Virus? iSafeSrvMon.dll