ssH2n

Honorary Members · Posts: 21 · Reputation: 0 Neutral
  1. OK, could you please have a look at the Windows 11 system cureit.log too? Win11-cureit.log kprm-20240224121043.txt
  2. Done. Cleaned via the MBsupport tool, reinstalled MB + scan (now the first scan hit 2 threats) and afterwards ran gatherlogs on the MBsupport tool latest version 1.9.9.x (last scan was made with 1.9.8.x); added some files from the logs folder /Malwarebytes/logs/ (mbupdatr.log, MBAMSERVICE.LOG and mbae-default.log). And thank you very much again for your time and patience! Addition.txt FRST.txt mbae-default.log MBAMSERVICE.LOG MBscan-log.txt mbst-grab-results.zip mbupdatr.log Shortcut.txt
  3. lol, I did a complete update of all available drivers from Dell for this device, and afterwards via Dell Command Update and also Windows Update, so what driver exactly is missing? + But yes, I forgot the system restore point... will create one now.
  4. Is it possible that the Windows 11 system is compromised to compromise the bootstick creation? I noticed a difference in the creation logs from Rufus between creating the Arch Linux stick and the Windows sticks: for the Arch Linux one it shows "Image is a ISO image", but on the Windows creations it always shows "Image is a UDF image", although the Windows image was .iso too. Or could it be that the infection (malware/rootkit/idk) hides anyhow in firmware or BIOS/UEFI on this device?
  5. OK, I loaded the ISO from your link, verified it like you mentioned, and created the USB bootstick as described in the link you provided. Before installing Windows I wiped the disk of the device with an Arch Linux boot stick (also created with a verified image) and created a new GPT table (gdisk /dev/sda -> o -> w), then installed Windows on the empty disk, only created a local account and did not connect the system to the internet. CP AdwCleaner, MBSetup and FRST (renamed FRSTEnglish.exe), did the first FRST scan (_1st ending in logs) before AdwCleaner and MB scan, then rebooted like you described in your mentioned steps and did another FRST scan after reboot, then a cureit scan, and didn't touch it in any other way. A few minutes later I detected that the Task Mngr shows high usage of DiscIO activity and Memory consum., suspicious services (also system services but with ugly endings like _32z57887z) popped up, more and more security principal users/groups with ugly names show up, and the local Admin account I created lost permissions for access and viewing details on some folders and services... and there are a lot of files with a "Date modified" showing 2019-2023, but even on the created bootstick all files showed today's date (I'm just wondering how and why they got old-dated). Here are the related logs 🫣 1st_Addition.txt 1st_FRST.txt Addition.txt AdwCleaner[C00].txt AdwCleaner[S00].txt AdwCleaner_Debug.log cureit.log FRST.txt MBAMSERVICE.LOG mbscanlog.txt
  6. I did a clean install with a verified SHA-1 hash image. I didn't connect the freshly installed device to any network and ran all the scans you mentioned offline. Maybe I'm just getting paranoid, but I think it's still not "clean". Here are the related logs: Addition.txt AdwCleaner[S00].txt AdwCleaner_Debug.log cureit.log FRST.txt mblog.txt
  7. The Windows 10 ISO image downloaded with the Media Creation Tool from Windows was compromised, that's why I switched to Rufus.
  8. On the created bootstick I see some files that look a bit suspicious to me, like F:\sources\en-gb\credits.rtf or F:\sources\SetupDU_166532.spdx.json. Can you tell me if they are "normal", or is the stick compromised during installation, not related to the ISO image? credits.rtf.txt SetupDU_166532.spdx.json.txt
  9. -__- The ISO is compromised since it was downloaded with the Win Media Creation Tool, says SHA-1 testing. I tried to download it directly in Rufus with https://github.com/pbatard/Fido. Here is the new USB stick creation log (https://sha1.rg-adguard.net/search.php?sha1=dc3982ad27e2d4e03b680630c28f824cb78bcd47&lang=en-us) rufusWIN10install.log
  10. I downloaded all these tools you mentioned, but I wanted to try another clean OS install, first for the Windows 10, then the system with the 11 on it. Last time I tried to fresh install Win10 I created the boot stick with the Windows Media Creation Tool; this time I used Rufus and win10.iso. Could you please have a look at the Rufus logs from creating the boot stick? (Because if the bootstick is already compromised it won't make any sense to install it.) rufuslogCP.txt
  11. Hi there, sorry, I had an accident and was in hospital the last days + sadly, even after restoring the system with the restore point the startup failed, so I did reset it. Now it is booting normally and we can go on to clean/repair it. I attach the latest logs made after the reset: Win10-Logs.zip
  12. On advanced repair options > troubleshoot > reset this pc, or advanced repair options > troubleshoot > advanced options > startup repair?
  13. Done with the fix. I copied the fixlog before restarting the Win 10 device and attach it here. After the restart I got a bluescreen, and at the next boot try it shows up recovery with 2 options: 1. repair system 2. reboot. I took the reboot and now it boots to the start lock screen, but when I hit space to get to the password prompt it throws me to the bluescreen again (Your device ran into a problem....) Fixlog-Win10.txt