Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-08-2013 01
Ran by Slawk at 2013-08-27 16:43:10 Run:1
Running from F:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S2 zveylomly; C:\WINDOWS\system32\zprhd.dll [167324 2009-03-21] ()
NETSVC: zveylomly -> C:\WINDOWS\system32\zprhd.dll ()
R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [424104 2013-08-23] (Taiwan Shui Mu Chih Ching Technology Limited.)
R2 WsysSvc; C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\eSafe\eGdpSvc.exe [303680 2013-08-22] (Wsys Co., Ltd.)
HKLM\...\Command Processor: <======= ATTENTION
HKCU\...\Run: [lollipop_08271140] - c:\documents and settings\slawk\ustawienia lokalne\dane aplikacji\lollipop\lollipop_08271140.exe [2582528 2013-08-27] ()
MountPoints2: {1fe642a9-535f-11e2-9320-000d9d9b940e} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
MountPoints2: {2d4c7520-d89f-11e0-9062-000d9d9b940e} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
MountPoints2: {e9c8ca9c-3ae9-11e0-af99-806d6172696f} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
MountPoints2: {febf090e-0a4e-11e3-944d-000d9d9b940e} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD400JB-00FMA0_WD-WCAJ92715947&ts=1377249650
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD400JB-00FMA0_WD-WCAJ92715947&ts=1377249650
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD400JB-00FMA0_WD-WCAJ92715947&ts=1377249650
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD400JB-00FMA0_WD-WCAJ92715947&ts=1377249650
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD400JB-00FMA0_WD-WCAJ92715947&ts=1376912840
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD400JB-00FMA0_WD-WCAJ92715947&ts=1376912840
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD400JB-00FMA0_WD-WCAJ92715947&ts=1376912840
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD400JB-00FMA0_WD-WCAJ92715947&ts=1377249650
C:\WINDOWS\system32\zprhd.dll
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\eSafe
C:\Documents and Settings\Slawk\Dane aplikacji\eIntaller
C:\autorun.inf
D:\autorun.inf
F:\autorun.inf
CMD: netsh firewall reset
*****************

zveylomly => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs zveylomly => Value deleted successfully.
winzipersvc => Service deleted successfully.
WsysSvc => Service deleted successfully.
HKLM\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\lollipop_08271140 => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fe642a9-535f-11e2-9320-000d9d9b940e} => Key deleted successfully.
HKCR\CLSID\{1fe642a9-535f-11e2-9320-000d9d9b940e} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d4c7520-d89f-11e0-9062-000d9d9b940e} => Key deleted successfully.
HKCR\CLSID\{2d4c7520-d89f-11e0-9062-000d9d9b940e} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9c8ca9c-3ae9-11e0-af99-806d6172696f} => Key deleted successfully.
HKCR\CLSID\{e9c8ca9c-3ae9-11e0-af99-806d6172696f} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{febf090e-0a4e-11e3-944d-000d9d9b940e} => Key deleted successfully.
HKCR\CLSID\{febf090e-0a4e-11e3-944d-000d9d9b940e} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
Could not move "C:\WINDOWS\system32\zprhd.dll" => Scheduled to move on reboot.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\eSafe => Moved successfully.
C:\Documents and Settings\Slawk\Dane aplikacji\eIntaller => Moved successfully.
C:\autorun.inf => Moved successfully.
D:\autorun.inf => Moved successfully.
F:\autorun.inf => Moved successfully.

========= netsh firewall reset =========

Ok.

========= End of CMD: =========

=========== Result of Scheduled Files to move ===========

C:\WINDOWS\system32\zprhd.dll => Moved successfully.

==== End of Fixlog ====