Topic: trz.tmp files (already saw this other link and am running Malwarebytes now)

argus

  • Guest
Have you ever installed Windows?

BerlinJulian

  • Guest
Have you ever installed Windows?

yes a couple of times... and it worked... hmm I don't recall my PC turning off the monitor and giving me a yellow light for minutes and not showing me anything
is there any chance to access cmd.exe and format through that with my current starting point?


wow wtf my Windows now just started up normally??? without anything in the DVD ..........?!?

argus

  • Guest
Maybe Repair Windows does, I do not know.

BerlinJulian

  • Guest
Maybe Repair Windows does, I do not know.

I do not know either... had my eyes away... then suddenly saw the Windows logo and thought whatever, it turns off anyways, but it just did not......
however it is started up now but I'm afraid to leave it like this or turn it off.. I wanna format and put new Windows up now but shall I run any other scans on my machine before doing so?

argus

  • Guest
You are now in normal mode? Then run WhoCrashed.

BerlinJulian

  • Guest
You are now in normal mode? Then run WhoCrashed.

yes I am in normal mode, Windows started up normally. I ran WhoCrashed, it has the same results

argus

  • Guest
Some driver but do not know which

Quote
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: Unknown

BerlinJulian

  • Guest
Some driver but do not know which

Quote
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: Unknown

yes I don't know either :/ I think I just set up Windows new now, it will solve that driver issue as well I'm sure ... besides it has been a while since I put Windows new... if you know anything else to run and check please let me know now before I do this :S

argus

  • Guest
Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:
  • Type akqqzkfv.sys into the Search: field in FRST then click the Search File(s) button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.

BerlinJulian

  • Guest
Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:
  • Type akqqzkfv.sys into the Search: field in FRST then click the Search File(s) button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.

did do it, it couldn't find that. hm now is this good or bad? xD

argus

  • Guest
https://www.virustotal.com/

Send it to VirusTotal, click on Choose file and follow the path

C:\Windows\System32\Drivers\akqqzkfv.sys


Copy the link with report.

BerlinJulian

  • Guest
https://www.virustotal.com/

Send it to VirusTotal, click on Choose file and follow the path

C:\Windows\System32\Drivers\akqqzkfv.sys


Copy the link with report.

I can not scan the file if it is not existing..? hmm..

argus

  • Guest

  • Download FRSTx86 to a USB flash drive.
  • Plug the USB drive into the infected machine.
Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...


  • Select the Command Prompt option.
  • A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Next
    • Type Explorer.exe;Services.exe into the Search: field in FRST then click the Search File(s) button.
    • FRST will search your computer for files and when finished it will produce a log Search.txt on the flash drive.
    • Exit FRST.
  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt and Search.txt logs please.

BerlinJulian

  • Guest

  • Download FRSTx86 to a USB flash drive.
  • Plug the USB drive into the infected machine.
Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...


  • Select the Command Prompt option.
  • A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Next
    • Type Explorer.exe;Services.exe into the Search: field in FRST then click the Search File(s) button.
    • FRST will search your computer for files and when finished it will produce a log Search.txt on the flash drive.
    • Exit FRST.
  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt and Search.txt logs please.

I finished this now... took very long and FRST crashed but it completed it after..

argus

  • Guest
Open notepad.
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.
Code:
Start
HKU\UpdatusUser\...\Run: [PICTURE] - wscript.exe //B "C:\Users\Julian\AppData\Local\Temp\PICTURE.vbs" <===== ATTENTION
C:\Users\Julian\AppData\Local\Temp\PICTURE.vbs
S2 Update outobox; "C:\Program Files\outobox\updateoutobox.exe" [x]
C:\Program Files\outobox\updateoutobox.exe
C:\Users\Julian\AppData\Local\Temp\BackupSetup.exe
C:\Users\Julian\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Julian\AppData\Local\Temp\sfareca00001.dll
C:\Users\Julian\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Julian\AppData\Local\Temp\xmlUpdater.exe
End
  • Save it to your USB flashdrive as fixlist.txt
>>  Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your USB flashdrive.
>>  Exit out of Recovery Environment and post me the log please.
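
As an added example (not part of the original thread and not FRST's own logic), the sketch below triages Run-key lines in the format shown in the fixlist above, flagging entries where a script host launches a file from a user-writable directory. The heuristic lists, function names and the second sample line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumed triage heuristics for this example, not FRST's own rules.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\")

# Run-key line as in the fixlist: KEY: [name] - command ("=>" also accepted, an assumption).
RUN_LINE = re.compile(
    r"^(?P<key>HK(?:LM|U)\\.+?\\Run(?:Once)?): \[(?P<name>[^\]]*)\] (?:-|=>) "
    r"(?P<cmd>.+?)(?P<flag>\s*<=+ ATTENTION)?$"
)
TOKEN = re.compile(r'"[^"]*"|\S+')

def triage_run_entry(line):
    """Return (name, reasons) for a Run-key line, or None if it is not one."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    tokens = [t.strip('"') for t in TOKEN.findall(m["cmd"])]
    program = PureWindowsPath(tokens[0]).name.lower()
    reasons = []
    if program in SCRIPT_HOSTS:
        reasons.append("script-host")
    # Any argument that is a path under a user-writable directory.
    for tok in tokens:
        if any(d in tok.lower() for d in USER_WRITABLE):
            reasons.append("user-writable:" + PureWindowsPath(tok).name)
    if m["flag"]:
        reasons.append("frst-attention")
    return m["name"], reasons

def triage_log(text):
    """Triage every Run-key line in a log; keep only entries with reasons."""
    hits = {}
    for line in text.splitlines():
        result = triage_run_entry(line)
        if result and result[1]:
            hits[result[0]] = result[1]
    return hits

# First and third lines are from the fixlist above; the second is constructed.
SAMPLE = r'''HKU\UpdatusUser\...\Run: [PICTURE] - wscript.exe //B "C:\Users\Julian\AppData\Local\Temp\PICTURE.vbs" <===== ATTENTION
HKLM\...\Run: [SampleApp] - "C:\Program Files\SampleApp\sample.exe" /background
C:\Users\Julian\AppData\Local\Temp\xmlUpdater.exe'''

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE).items():
        print(name, reasons)
```

Only Run-key lines are parsed; bare file paths such as the Temp entries in the fixlist are skipped rather than scored.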