Jump to content

Kape33

Members
  • Content Count

    20
  • Joined

  • Last visited

About Kape33

  • Rank
    New Member
  1. Hi, here's the logs. Thanks. Addition.txt AdwCleaner[C01].txt FRST.txt malwarebytes.txt
  2. https://www.threatcrowd.org/ip.php?ip=195.22.26.248 Need some help to clean this. Thanks in advance.
  3. # DelFix v1.013 - Logfile created 24/03/2018 at 06:07:53 # Updated 17/04/2016 by Xplode # Username : Nuno Jesus - DESKTOP-I8MFVJM # Operating System : Windows 10 Pro (64 bits) ~ Activating UAC ... OK ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\AdsFix Deleted : C:\RegBackup Deleted : C:\Users\Nuno Jesus\Downloads\FRST-OlderVersion Deleted : C:\Users\Nuno Jesus\Desktop\mbar Deleted : C:\AdsFix.txt Deleted : C:\Users\Nuno Jesus\Downloads\Addition.txt Deleted : C:\Users\Nuno Jesus\Downloads\AdsFix.exe Deleted : C:\Users\Nuno Jesus\Downloads\adwcleaner_7.0.8.0(1).exe Deleted : C:\Users\Nuno Jesus\Downloads\adwcleaner_7.0.8.0.exe Deleted : C:\Users\Nuno Jesus\Downloads\Fixlog.txt Deleted : C:\Users\Nuno Jesus\Downloads\FRST.txt Deleted : C:\Users\Nuno Jesus\Downloads\FRST64.exe Deleted : C:\Users\Nuno Jesus\Downloads\RogueKiller_portable64.exe ~ Creating registry backup ... OK ~ Cleaning system restore ... New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ########## Thanks for your time. I have no more questions, you can close the thread. Best regards, Kape33
  4. Ok, i will unninstall it and thanks for your help.
  5. Yes. Why? I used this F-SecureOnlineScanner, adwcleaner, malwarebytes, adware removal tool by TSA, spybot antibeacon after all these problems, i was trying to find infections with this programs one after another and malwarebytes stopped opening but it was already with this boot problems, i think it started after i installed the update w10 fall creators, not at that moment exactly but before that update my boot was faster.
  6. ntbtlog safe mode boot.txt ntbtlog normal boot.txt Entering in safe mode it gives me an error ctfmon.exe - Êxito Unknown Hard Error
  7. How to Analyze Boot Logs Boot logging lists the files that successfully and unsuccessfully processed during startup. You use boot logging to log the Windows features that are processed when you start your computer in safe mode and also in normal mode. By comparing the differences between the two logs, you can determine which features are not required to start. Windows records the name and path of each file that runs during startup in a log, %WinDir%\Ntbtlog.txt. The log marks each file as successful ("Loaded Driver...") or unsuccessful ("Did Not Load Driver..."). Boot logging appends entries to Ntbtlog.txt when you start Windows in safe mode. Comparing normal mode and safe mode entries enables you to determine which services run in normal mode only-one of which must be the cause of the startup problem if Windows is able to start in safe mode successfully. The following lines are sample Ntbtlog.txt entries. Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys Did not load driver \SystemRoot\System32\DRIVERS\sflpydisk.SYS Note that not every "Did Not Load Driver" message necessarily indicates an error that would prevent Windows from booting, because many drivers are not required for Windows to start. To repair problems caused by problematic drivers when you can start safe mode, follow these steps: Restart the computer and enable boot logging. Restart the computer after it fails and then start safe mode. Click Start and then type %WinDir%\ntbtlog.txt. The boot log file opens in Notepad. Compare the list of drivers loaded in normal mode to the list of drivers loaded in safe mode. The driver that is causing the system to fail is one of the drivers listed with "Loaded Driver..." in the normal mode boot log, but listed with "Did Not Load Driver..." in the safe mode boot log. In safe mode, use Device Manager to replace or roll back potentially problematic drivers, as described in the next section, "How to Roll Back Drivers." Start by replacing drivers that have been recently installed or updated. After replacing a driver, repeat this process until the system starts successfully in normal mode. For the services that run only in normal mode, disable those services one at a time, trying to restart your computer in normal mode after you disable each service. Continue to disable services individually until your computer starts in normal mode. To repair problems caused by problematic drivers when the computer does not start in safe mode, follow these steps: Restart the computer and then load System Recovery tools. Click Command Prompt. At the command prompt, type Notepad %WinDir%\ ntbtlog.txt. Notepad opens and displays the boot log. Compare the boot log created when the system failed to start in safe mode to a boot log created when the system started successfully in safe mode. If you do not have a boot log that was created when the system started successfully in safe mode, create a boot log on a similarly configured computer by starting it in safe mode. The driver that is causing safe mode to fail is one of the drivers that is not listed in the boot log that was created when the system failed but is listed with "Loaded Driver..." in the boot log created when safe mode started successfully. Replace the driver file with a working version, using the Copy command at the command prompt. Start by replacing or deleting drivers that have been recently installed or updated. After replacing a driver, repeat this process until the system starts successfully in normal mode.
  8. Well the big problem i have is starting, restarting or shutting down pc it takes ages, somehow windows stopped loading drivers and that's causing the problem but i cant figure a solution for that.
  9. Sorry for the delay, here's the attachment. Quarantine.rar
  10. Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018 Ran by Nuno Jesus (15-03-2018 15:47:25) Run:1 Running from C:\Users\Nuno Jesus\Downloads Loaded Profiles: Nuno Jesus & (Available Profiles: Nuno Jesus) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-1185937808-2822752954-2417405274-1003\...\Run: [] => [X] GroupPolicy: Restriction <==== ATTENTION SearchScopes: HKLM -> DefaultScope value is missing SearchScopes: HKLM-x32 -> DefaultScope value is missing Task: {0439AF2F-CDB0-46E8-BD5E-0AFF02FC9D3C} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION Task: {16A8D5A6-53AF-44DC-AEF3-E36C8929B99E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {CDA905F6-DE7A-482A-A042-9FC1B911E077} - System32\Tasks\{9BD9769F-9644-4E5D-B4A4-D30A6A9B72BA} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\KMSpico\UninsHs.exe" -d "C:\Program Files\KMSpico\sounds" -c /u0=KMSpico C:\Applications C:\Disk C:\Windat C:\WinSys C:\ProgramData\63e2c58283 C:\ProgramData\9228o60c24w9289 C:\ProgramData\74960f38644l53964z4 C:\Users\Nuno Jesus\AppData\Local\mpress C:\Users\Nuno Jesus\AppData\Local\installer.dat C:\WINDOWS\system32\Drivers\WinDivert64.sys EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully "HKU\S-1-5-21-1185937808-2822752954-2417405274-1003\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{0439AF2F-CDB0-46E8-BD5E-0AFF02FC9D3C}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0439AF2F-CDB0-46E8-BD5E-0AFF02FC9D3C}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Management\Provisioning\PostResetBoot" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16A8D5A6-53AF-44DC-AEF3-E36C8929B99E}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16A8D5A6-53AF-44DC-AEF3-E36C8929B99E}" => removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CDA905F6-DE7A-482A-A042-9FC1B911E077}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDA905F6-DE7A-482A-A042-9FC1B911E077}" => removed successfully C:\WINDOWS\System32\Tasks\{9BD9769F-9644-4E5D-B4A4-D30A6A9B72BA} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9BD9769F-9644-4E5D-B4A4-D30A6A9B72BA}" => removed successfully C:\Applications => moved successfully C:\Disk => moved successfully C:\Windat => moved successfully C:\WinSys => moved successfully C:\ProgramData\63e2c58283 => moved successfully C:\ProgramData\9228o60c24w9289 => moved successfully C:\ProgramData\74960f38644l53964z4 => moved successfully C:\Users\Nuno Jesus\AppData\Local\mpress => moved successfully C:\Users\Nuno Jesus\AppData\Local\installer.dat => moved successfully C:\WINDOWS\system32\Drivers\WinDivert64.sys => moved successfully =========== EmptyTemp: ========== BITS transfer queue => 7364608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 224056590 B Java, Flash, Steam htmlcache => 1227 B Windows/system/drivers => 41324 B Edge => 484 B Chrome => 300437 B Firefox => 379929709 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 6656 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 822 B NetworkService => 0 B Nuno Jesus => 6184787 B RecycleBin => 0 B EmptyTemp: => 589.3 MB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-03-2018 15:55:03) Result of scheduled keys to remove after reboot: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied. ==== End of Fixlog 15:55:04 ====
  11. Malwarebytes stoped opening and i re-installed It found this. Ficheiro: 1 RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\A89639BBE296749A.VIR, Nenhuma Ação pelo Utilizador, [84], [440074],1.0.4356
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.