Nemože se pokreniti Avast/Avira

uradi ovako kako piše u ovom postu

logove koje dobiješ nakon scana uploaduj na speedyshare ili neku drugu sličnu stranicu i postavi linkove da pogledam logove

imaš virus

ponovo pokreni roguekiller i ovo označi za delete

¤¤¤ Registry Entries : 6 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

nakon toga, otvori OTS i ovo kopiraj u prazno polje

[Kill All Processes]

[Unregister Dlls]

[Win32 Services - Safe List]

YY -> (NOD32FiXTemDono) Eset Nod32 Boot [Auto | Stopped] -> C:\Windows\System32\regedt32.exe

[Registry - Safe List]

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 

YN -> HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 46 B5 09 65 FE 5F CB 01  [binary data]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\

YN -> WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]

[Registry - Additional Scans - Safe List]

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> 

*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs

YN -> NWCWorkstation -> 

YN -> Nwsapagent -> 

YN -> WmdmPmSp -> 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> 

[Files/Folders - Created Within 30 Days]

NY ->  2 C:\Windows\*.tmp files -> C:\Windows\*.tmp

NY ->  1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp

[Files/Folders - Modified Within 30 Days]

NY ->  20 C:\Users\Home\AppData\Local\Temp\*.tmp files -> C:\Users\Home\AppData\Local\Temp\*.tmp

NY ->  20 C:\Users\Home\AppData\Local\Temp\*.tmp files -> C:\Users\Home\AppData\Local\Temp\*.tmp

NY ->  20 C:\Users\Home\AppData\Local\Temp\*.tmp files -> C:\Users\Home\AppData\Local\Temp\*.tmp

NY ->  2 C:\Windows\*.tmp files -> C:\Windows\*.tmp

NY ->  1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp

[File - Lop Check]

NY ->  RMSchedule.job -> C:\Windows\Tasks\RMSchedule.job

NY ->  SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT

NY ->  {1E14D649-1293-4459-81C8-285F9A69DACC}.job -> C:\Windows\Tasks\{1E14D649-1293-4459-81C8-285F9A69DACC}.job

NY ->  {BCCC5FCA-7615-4B4A-BC8C-CA28B8A980B8}.job -> C:\Windows\Tasks\{BCCC5FCA-7615-4B4A-BC8C-CA28B8A980B8}.job

NY ->  {F516DA01-D00C-4761-9798-E37F423E1D3B}.job -> C:\Windows\Tasks\{F516DA01-D00C-4761-9798-E37F423E1D3B}.job

NY ->  {FEE36B9E-ED8A-482B-9871-F3DEE5C396F9}.job -> C:\Windows\Tasks\{FEE36B9E-ED8A-482B-9871-F3DEE5C396F9}.job

[Alternate Data Streams]

NY -> @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D1B5B4F1

[Purity]

[Empty Temp Folders]

[EmptyFlash]

[EmptyJava]

[CreateRestorePoint]

[Reboot]

otvori notepad i ovo kopiraj u notepad

KillAll::

Fcopy::

c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21315_none_6cdbeb552e5ba086\ntkrnlpa.exe|c:\windows\System32\ntkrnlpa.exe

DirLook::

c:\windows\system32\%LOCALAPPDATA%