Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 20-11-2025
Uruchomiony przez Marcin (08-01-2026 20:53:23) Run:1
Uruchomiony z C:\Users\Marcin\Downloads
Załadowane profile: Marcin
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-479834947-2641734155-682898169-1001\...\Run: [Marcin] => cmd.exe /c start www.url-advertisement.org (Brak pliku) <==== UWAGA
HKU\S-1-5-21-479834947-2641734155-682898169-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-479834947-2641734155-682898169-1001\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-479834947-2641734155-682898169-1001\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-479834947-2641734155-682898169-1001\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
HKU\S-1-5-21-479834947-2641734155-682898169-1001\...\MountPoints2: F - "F:\setup.exe"
HKU\S-1-5-21-479834947-2641734155-682898169-1001\...\MountPoints2: I - "I:\setup.exe"
HKU\S-1-5-21-479834947-2641734155-682898169-1001\...\MountPoints2: {343708cd-b6d7-11eb-b726-309c2343f0fa} - "I:\OnePlus_setup.exe" /s
HKU\S-1-5-21-479834947-2641734155-682898169-1001\...\MountPoints2: {34370f84-b6d7-11eb-b726-309c2343f0fa} - "I:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-479834947-2641734155-682898169-1001\...\MountPoints2: {663b4635-463f-11ec-b73e-309c2343f0fa} - "J:\ready_for_assistant.exe"
HKU\S-1-5-21-479834947-2641734155-682898169-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\DREAMA~1.SCR [141312 2014-06-17] () [Brak podpisu cyfrowego]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {EE94B518-C38F-4EB4-ACD8-E9DF92EF45B2} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [6089584 2025-10-14] (Microsoft Windows -> Microsoft Corporation)
Task: {02BBC8EA-CBDB-4C27-9994-F4F8DDC6E767} - System32\Tasks\Marcin => C:\Windows\system32\cmd.exe [289792 2024-05-15] (Microsoft Windows -> Microsoft Corporation) -> /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Marcin /t REG_SZ /d "cmd.exe /c start www.url-advertisement.org" <==== UWAGA
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn => nie znaleziono
CHR Notifications: Default -> hxxps://2ntrfi.parthonylogles.com; hxxps://izjec2.scurdpic.com; hxxps://paymentsweb.org
S3 cpuz145; Brak ImagePath
S3 IMFEFSFileControl; Brak ImagePath
S3 cpuz150; \??\C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [X] <==== UWAGA
S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X] <==== UWAGA
AS: Kaspersky Free (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> Brak pliku
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} =>  -> Brak pliku
BHO-x32: Brak nazwy -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> Brak pliku
end::
*****************

Punkt przywracania został pomyślnie utworzony.
Procesy zostały pomyślnie zamknięte.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => pomyślnie usunięto
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => pomyślnie usunięto
"HKU\S-1-5-21-479834947-2641734155-682898169-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Marcin" => pomyślnie usunięto
"HKU\S-1-5-21-479834947-2641734155-682898169-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun" => pomyślnie usunięto
"HKU\S-1-5-21-479834947-2641734155-682898169-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\1" => pomyślnie usunięto
"HKU\S-1-5-21-479834947-2641734155-682898169-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\2" => pomyślnie usunięto
"HKU\S-1-5-21-479834947-2641734155-682898169-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\3" => pomyślnie usunięto
HKU\S-1-5-21-479834947-2641734155-682898169-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => pomyślnie usunięto
HKU\S-1-5-21-479834947-2641734155-682898169-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I => pomyślnie usunięto
HKU\S-1-5-21-479834947-2641734155-682898169-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{343708cd-b6d7-11eb-b726-309c2343f0fa} => pomyślnie usunięto
HKU\S-1-5-21-479834947-2641734155-682898169-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34370f84-b6d7-11eb-b726-309c2343f0fa} => pomyślnie usunięto
HKU\S-1-5-21-479834947-2641734155-682898169-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{663b4635-463f-11ec-b73e-309c2343f0fa} => pomyślnie usunięto
"HKU\S-1-5-21-479834947-2641734155-682898169-1001\Control Panel\Desktop\\SCRNSAVE.EXE" => pomyślnie usunięto
HKLM\SOFTWARE\Policies\Mozilla => pomyślnie usunięto
HKLM\SOFTWARE\Policies\Google => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE94B518-C38F-4EB4-ACD8-E9DF92EF45B2}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE94B518-C38F-4EB4-ACD8-E9DF92EF45B2}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateExplorerShellUnelevatedTask" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{02BBC8EA-CBDB-4C27-9994-F4F8DDC6E767}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02BBC8EA-CBDB-4C27-9994-F4F8DDC6E767}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\Marcin => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Marcin" => pomyślnie usunięto
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom" => pomyślnie usunięto
"Chrome Notifications" => pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\cpuz145 => pomyślnie usunięto
cpuz145 => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\IMFEFSFileControl => pomyślnie usunięto
IMFEFSFileControl => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\cpuz150 => pomyślnie usunięto
cpuz150 => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\cpuz154 => pomyślnie usunięto
cpuz154 => serwis pomyślnie usunięto
"AS: Kaspersky Free (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}" => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => pomyślnie usunięto
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Adobe.Acrobat.ContextMenu => pomyślnie usunięto
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} => pomyślnie usunięto


System wymagał restartu.

==== Koniec  Fixlog 20:53:31 ====