Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-10-2015
Ran by Corina (2015-10-17 14:17:03)
Running from C:\Downloads\Software
Windows 10 Home (X64) (2015-08-16 20:42:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3753039968-2491021084-3569134365-500 - Administrator - Disabled)
Corina (S-1-5-21-3753039968-2491021084-3569134365-1001 - Administrator - Enabled) => C:\Users\elzad
DefaultAccount (S-1-5-21-3753039968-2491021084-3569134365-503 - Limited - Disabled)
Guest (S-1-5-21-3753039968-2491021084-3569134365-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: 360 Total Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 7.6.0.1031 - 360 Security Center)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AirDroid 3.2.0.0 (HKLM-x32\...\AirDroid) (Version: 3.2.0.0 - Sand Studio)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
aTube Catcher verze 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ClocX (1.6.0) (HKLM-x32\...\ClocX) (Version:  - )
Desktop-Reminder 2 (HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Desktop-Reminder 2) (Version: 2.116 - Polenter - Software Solutions)
Desktop-Reminder 2 (x32 Version: 2.116 - Polenter - Software Solutions) Hidden
Display Stix 2.1.1 (HKLM-x32\...\Display Stix2.1.1) (Version:  - )
Drakensang Online (HKLM-x32\...\Drakensang Online) (Version:  - )
EaseUS Todo Backup Free 8.6  (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.6 - CHENGDU YIWO Tech Development Co., Ltd)
Epson Easy Photo Print 2 (HKLM-x32\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX218 Series Manuál (HKLM-x32\...\EPSON SX218 Series Manual) (Version:  - )
f.lux (HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\Flux) (Version:  - )
FeedReader (HKLM-x32\...\FeedReader_is1) (Version:  - i-Systems Inc.)
Free Download Manager 3.9.6 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Freemake Audio Converter verze 1.1.4 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.4 - Ellora Assets Corporation)
Google Drive (HKLM-x32\...\{CF772DD2-4767-49AE-B764-EACA6F6CD9AE}) (Version: 1.25.0286.7715 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.0.3.171 - IObit)
Java(TM) 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005FF}) (Version: 7.0.50 - Oracle)
jetAudio 8.1.x Czech Language Pack (HKLM-x32\...\jetAudio 8.1.x Czech Language Pack) (Version:  - )
jetAudio Basic (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
LEGO Minifigures Online (HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\423b93224c69643b) (Version: 1.0.0.0 - Funcom)
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 41.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 cs)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 38.3.0 (x86 cs)) (Version: 38.3.0 - Mozilla)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7143 - MyHeritage.com)
Nezapomen 3.5.80 (HKLM-x32\...\Nezapomen_is1) (Version: 3.5.80 - )
Odinstalace tiskárny EPSON SX218 Series (HKLM\...\EPSON SX218 Series) (Version:  - SEIKO EPSON Corporation)
Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
OpenOffice 4.1.1 (HKLM-x32\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Program 365dní (HKLM-x32\...\{9A4CBA78-CFAD-4058-9AB8-532F5DF44682}_is1) (Version: 7.1.0.6 - goNet s.r.o.)
QTranslate 5.5.1.1 (HKLM-x32\...\QTranslate) (Version: 5.5.1.1 - QuestSoft)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoboForm 7-9-16-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-16-7 - Siber Systems)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.3.0.201 - IObit)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.51 - Ghisler Software GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinTools.net Professional version 14.3.1 (HKLM-x32\...\{7FFFD2AE-950E-4BD1-AF7C-32E6CC15F481}_is1) (Version: 14.3.1 - WinTools Software Engineering, Ltd.)
WOLFCODERS CamBlocker (HKLM-x32\...\{E2A750B6-5ED8-4111-A420-D9004A5FCB11}_is1) (Version:  - WOLFCODERS)
YoWindow (HKLM-x32\...\yowindow) (Version: 3 - RepkaSoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

30-09-2015 14:55:43 Revo Uninstaller's restore point - GlassWire 1.0 (remove only)
03-10-2015 11:38:27 Serviio restore point
07-10-2015 05:58:20 Installed FreeLanguageTranslator 3.6
07-10-2015 05:59:17 Installed FreeLanguageTranslator 3.6
07-10-2015 06:32:18 Simpo PDF to Word restore point
07-10-2015 06:33:44 Installed FreeLanguageTranslator 3.6
08-10-2015 18:03:47 AirDroid 3.2.0.0 restore point
09-10-2015 15:09:15 Installed Classic Shell
09-10-2015 15:11:30 Installed Classic Shell
09-10-2015 15:19:28 Installed Classic Shell
14-10-2015 17:46:57 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2015-07-10 13:02 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12DFAC7B-9007-47E2-9C25-E60BD34BE542} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-10-08] (Siber Systems)
Task: {1C22C6CD-B37D-4E62-B402-4A6A2DA7A166} - System32\Tasks\Uninstaller_SkipUac_Corina => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-24] (IObit)
Task: {4004373B-F5A1-40A6-99C2-A2B29F1F35D1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-14] (Adobe Systems Incorporated)
Task: {40A56945-D041-43B5-9ED3-C2DB06BF4A1D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [2015-08-11] (Microsoft Corporation)
Task: {65766513-5E16-4B95-A615-5FB394346F12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-17] (Google Inc.)
Task: {65E35795-D4DF-46C5-AF2A-421842AA7763} - \Open URL by RoboForm -> No File <==== ATTENTION
Task: {70B1E3B6-FCB9-4410-BCCF-1B24534CC7D1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {80F9FD24-3A59-4404-97A6-563190B702C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-17] (Google Inc.)
Task: {861F640B-5AB7-43B2-B6E5-FBDA2FF4EAFC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {AFD224F6-4BA6-4061-9B55-391C81225296} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B9331D15-2AE4-4045-905D-574E3DC62B3F} - System32\Tasks\Uninstaller_SkipUac_elzad => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-24] (IObit)
Task: {D137B636-68B3-4AA2-839B-D1F5F7C32C48} - System32\Tasks\{1BC548F3-752D-4F88-B79D-479E1CC79ECD} => pcalua.exe -a C:\Downloads\Software\srwa5-1.61.4.exe -d C:\Downloads\Software
Task: {EA1B1997-6D4E-4515-BE45-760682708C41} - \{C9713672-B6B8-4E6A-B2F5-F84C9DEED700} -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Corina.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_elzad.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 13:00 - 2015-07-10 13:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-19 10:43 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 22:29 - 2015-09-17 08:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-08-16 22:45 - 2015-08-16 22:45 - 00102912 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2015-08-17 04:37 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2015-09-13 15:30 - 2015-09-21 06:10 - 00087672 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2015-08-17 04:37 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2015-09-22 08:01 - 2015-09-22 08:01 - 07860224 _____ () C:\Program Files (x86)\AirDroid\Android.dll
2014-03-19 15:18 - 2014-03-19 15:18 - 00630784 _____ () C:\Program Files (x86)\AirDroid\System.Data.SQLite.dll
2015-09-13 15:30 - 2015-09-21 06:10 - 00578168 _____ () C:\Program Files (x86)\360\Total Security\safemon\wdui2.dll
2015-10-09 16:16 - 2015-10-08 17:38 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2015-10-09 16:16 - 2015-10-08 17:38 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2015-10-09 16:16 - 2015-10-08 17:38 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2015-10-09 16:16 - 2015-10-08 17:39 - 00268920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\sqlite3.dll
2015-10-09 16:16 - 2015-10-08 17:39 - 00053024 _____ () C:\Program Files (x86)\IObit\Start Menu 8\parseAuto.dll
2015-10-09 16:16 - 2015-10-08 17:39 - 00622880 _____ () C:\Program Files (x86)\IObit\Start Menu 8\ProductStatistics.dll
2015-08-17 05:21 - 2015-10-05 11:22 - 00153768 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-08-17 05:21 - 2015-10-05 11:22 - 00023208 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-10-14 15:35 - 2015-10-09 02:53 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libglesv2.dll
2015-10-14 15:35 - 2015-10-09 02:53 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libegl.dll
2015-08-21 12:56 - 2015-08-07 14:48 - 04932712 _____ () C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
2015-08-21 12:56 - 2015-07-23 16:08 - 00324096 _____ () C:\Program Files (x86)\Free Download Manager\ytparser.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:9341E0C6
AlternateDataStreams: C:\Users\elzad\Desktop\Bakker objednávka.eml:OECustomProperty
AlternateDataStreams: C:\Users\elzad\Desktop\brýle čistička.eml:OECustomProperty
AlternateDataStreams: C:\Users\elzad\Desktop\nunčaky.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\Control Panel\Desktop\\Wallpaper -> D:\Fotografie\Zahrada\Zahrada 2014 (7).JPG
DNS Servers: 10.0.0.1 - 10.0.0.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: OneDrive => 
MSCONFIG\startupreg: Zoner Photo Studio Autoupdate => "c:\program files\zoner\photo studio 16\program32\zpstray.exe"
MSCONFIG\startupreg: Zoner Photo Studio Service 16 => 
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "EaseUS TB Tray Agent"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKU\S-1-5-21-3753039968-2491021084-3569134365-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C7C51795-EA99-4473-8EC5-8159E1C650E2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F7FEFDD2-8927-4D27-8AC6-49FE0EF518C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F14719CD-35D7-4317-9964-630DA03F4F6F}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{7E62A06C-F75E-4352-98C1-E8A69D2DAA09}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{5EF36AFE-7E83-4069-9097-F23E5AA64976}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{4BB191FA-94EE-4BD2-9B9D-46490860D885}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{B4DF4621-5C99-4477-9CDB-73E6AA04F7BF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{AB52DF19-75EE-4E9E-A4E1-C90FF919D2E0}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{785253F1-15F2-49DD-9D2B-E0B9055DA8C7}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{32612E9C-7162-4D4A-A4B5-FCE5E398D7D1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{1354A78B-071E-44AC-A6E7-42842C9C4928}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{681758D0-24E8-49BE-9581-4C1FFDC7CAF3}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{F9354591-9B45-4248-B175-FE2910B4CA0B}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [TCP Query User{68E29F06-F7E0-4E32-B72B-B015046B8B83}C:\users\elzad\desktop\myphoneexplorer portable\myphoneexplorer portable.exe] => (Allow) C:\users\elzad\desktop\myphoneexplorer portable\myphoneexplorer portable.exe
FirewallRules: [UDP Query User{B91674C3-3679-43F9-A039-CFDEB2F2A4F9}C:\users\elzad\desktop\myphoneexplorer portable\myphoneexplorer portable.exe] => (Allow) C:\users\elzad\desktop\myphoneexplorer portable\myphoneexplorer portable.exe
FirewallRules: [{5570AE69-9A1F-4EF8-8AFF-96B5AEE5D062}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{B7C17973-328E-4600-830B-C92074BF18AF}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{E4F48AE5-B2A0-444C-BD87-BFA8AB88A056}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{85C61168-E928-4B59-9CD5-F93E219B764C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{96583723-5F5B-4C69-8744-A2FF9209ADA9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68C2277C-EFE4-4733-AD98-7C021224F60C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DF1D2FB3-463B-4250-B062-5ED081E2212E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{35FA158E-B3A0-4B88-8938-CEECB26850B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C86D7A0F-D9BD-4106-9C90-1D79B7D40464}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{F10BA552-F343-4D74-8A91-554E6EC9E65D}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [TCP Query User{ECE4D7D7-DB96-42C3-8CA8-535D2396880B}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{EF1387BB-2957-4752-9B10-964B5DE64F95}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{84B41259-12D0-4C7F-9BE8-A27B35AF1E4B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{77217FB8-19DB-4360-BCBB-DB9F448D0AED}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{B95798C2-7F5C-4EA0-A00D-949D3150367E}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2015 02:15:32 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst soubor registru tříd.
 PODROBNOSTI – Je poškozena databáze konfiguračního registru.

Error: (10/17/2015 02:15:32 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Systém Windows nemohl načíst registr. Tento problém je často způsoben nedostatkem paměti nebo nedostatečnými zabezpečovacími právy. 

 PODROBNOSTI – Je poškozena databáze konfiguračního registru.
 pro: C:\Users\elzad\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (10/17/2015 02:15:32 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst soubor registru tříd.
 PODROBNOSTI – Je poškozena databáze konfiguračního registru.

Error: (10/17/2015 02:15:32 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Systém Windows nemohl načíst registr. Tento problém je často způsoben nedostatkem paměti nebo nedostatečnými zabezpečovacími právy. 

 PODROBNOSTI – Je poškozena databáze konfiguračního registru.
 pro: C:\Users\elzad\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (10/17/2015 10:53:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JAN-PC)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927148. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (10/17/2015 10:53:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst soubor registru tříd.
 PODROBNOSTI – Je poškozena databáze konfiguračního registru.

Error: (10/17/2015 10:53:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Systém Windows nemohl načíst registr. Tento problém je často způsoben nedostatkem paměti nebo nedostatečnými zabezpečovacími právy. 

 PODROBNOSTI – Je poškozena databáze konfiguračního registru.
 pro: C:\Users\elzad\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (10/17/2015 10:53:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst soubor registru tříd.
 PODROBNOSTI – Je poškozena databáze konfiguračního registru.

Error: (10/17/2015 10:53:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Systém Windows nemohl načíst registr. Tento problém je často způsoben nedostatkem paměti nebo nedostatečnými zabezpečovacími právy. 

 PODROBNOSTI – Je poškozena databáze konfiguračního registru.
 pro: C:\Users\elzad\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (10/17/2015 10:53:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst soubor registru tříd.
 PODROBNOSTI – Je poškozena databáze konfiguračního registru.


System errors:
=============
Error: (10/17/2015 10:53:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Načítání obrázků (WIA) neuspěla při spuštění v důsledku následující chyby: 
%%5

Error: (10/17/2015 10:53:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Server datového modelu dlaždic neuspěla při spuštění v důsledku následující chyby: 
%%5

Error: (10/17/2015 10:53:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba StartMenu8 Service neuspěla při spuštění v důsledku následující chyby: 
%%5

Error: (10/17/2015 10:53:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SW Update Service neuspěla při spuštění v důsledku následující chyby: 
%%5

Error: (10/17/2015 10:52:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Search neuspěla při spuštění v důsledku následující chyby: 
%%1069

Error: (10/17/2015 10:52:01 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba WSearch se nemohla přihlásit jako NT AUTHORITY\SYSTEM s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%50

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (10/17/2015 10:51:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (10/17/2015 10:51:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (10/17/2015 10:51:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Data kontaktů_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (10/17/2015 10:51:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU G840 @ 2.80GHz
Percentage of memory in use: 63%
Total physical RAM: 4008.03 MB
Available physical RAM: 1479.06 MB
Total Virtual: 4712.03 MB
Available Virtual: 1643.6 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:455.94 GB) (Free:329.45 GB) NTFS
Drive d: (Data) (Fixed) (Total:455.94 GB) (Free:178.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2126F88B)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=455.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================