Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-12-2014
Ran by bsz at 2014-12-18 10:58:05 Run:1
Running from C:\Documents and Settings\bsz\Pulpit\FRST
Loaded Profiles: bsz & pma (Available profiles: bsz & pma)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
(Microsoft Corporation) C:\Windows\explorer.exe
HKU\S-1-5-21-2094431546-3998815993-849199213-4764\...\Run: [SpeechEngines] => C:\Documents and Settings\bsz\Dane aplikacji\SpeechEngines\spcommon.exe [113664 2014-11-17] (zLoBrZWvG)
R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-09-02] () [File not signed]
S3 catchme; \??\C:\DOCUME~1\DDABRO~1\USTAWI~1\Temp\catchme.sys [X]
U2 CertPropSvc; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 hoxxzuk; C:\WINDOWS\system32\xzrmiry.dll [X]
NETSVC: hoxxzuk -> C:\WINDOWS\system32\xzrmiry.dll ==> No File.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2094431546-3998815993-849199213-4764\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2094431546-3998815993-849199213-4764\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-2094431546-3998815993-849199213-4764 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
SearchScopes: HKU\S-1-5-21-2094431546-3998815993-849199213-4764 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
SearchScopes: HKU\S-1-5-21-2094431546-3998815993-849199213-4764 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
C:\Documents and Settings\bsz\Dane aplikacji\eCyber
C:\Documents and Settings\bsz\Dane aplikacji\iSafe
C:\Documents and Settings\bsz\Dane aplikacji\SpeechEngines
C:\Documents and Settings\ddabrowski\Dane aplikacji\eCyber
C:\Documents and Settings\ddabrowski\Dane aplikacji\iSafe
C:\Documents and Settings\LocalService\Dane aplikacji\tor
C:\Program Files\Tor
C:\WINDOWS\grep.exe
C:\WINDOWS\MBR.exe
C:\WINDOWS\PEV.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\zip.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************

Processes closed successfully.
C:\Windows\explorer.exe => No running process found
HKU\S-1-5-21-2094431546-3998815993-849199213-4764\Software\Microsoft\Windows\CurrentVersion\Run\\SpeechEngines => value deleted successfully.
tor => Service stopped successfully.
tor => Service deleted successfully.
catchme => Service deleted successfully.
CertPropSvc => Service deleted successfully.
esgiguard => Service deleted successfully.
hoxxzuk => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs hoxxzuk => Value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2094431546-3998815993-849199213-4764\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2094431546-3998815993-849199213-4764\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-2094431546-3998815993-849199213-4764\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2094431546-3998815993-849199213-4764\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}" => Key deleted successfully.
"HKCR\CLSID\{0191A6B0-1154-4C22-9182-23A95BBE92D9}" => Key not found.
"HKU\S-1-5-21-2094431546-3998815993-849199213-4764\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => value deleted successfully.
C:\Documents and Settings\bsz\Dane aplikacji\eCyber => Moved successfully.
C:\Documents and Settings\bsz\Dane aplikacji\iSafe => Moved successfully.
C:\Documents and Settings\bsz\Dane aplikacji\SpeechEngines => Moved successfully.
"C:\Documents and Settings\ddabrowski\Dane aplikacji\eCyber" => File/Directory not found.
"C:\Documents and Settings\ddabrowski\Dane aplikacji\iSafe" => File/Directory not found.
C:\Documents and Settings\LocalService\Dane aplikacji\tor => Moved successfully.
C:\Program Files\Tor => Moved successfully.
C:\WINDOWS\grep.exe => Moved successfully.
C:\WINDOWS\MBR.exe => Moved successfully.
C:\WINDOWS\PEV.exe => Moved successfully.
C:\WINDOWS\sed.exe => Moved successfully.
C:\WINDOWS\zip.exe => Moved successfully.
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully.

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

EmptyTemp: => Removed 426.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====