Hi,
I have a notebook that still has its original Windows XP installation (the computer is 3 years old), and the only thing that "cleans" the computer is TuneUp Utilities. AVG is installed on it and updates over the internet (currently it is fully up to date).
When a complete scan is run (after the PC starts), it finds nothing, but then while working on the PC (even in offline mode), about once an hour an AVG window pops up saying a virus was found (Backdoor.generic3.*** - * I don't know the last 3 letters), which is in the win/system32 directory in a protected sys file and AVG cannot remove it.
Logs:
HJT
Logfile of HijackThis v1.99.1
Scan saved at 12:36:35, on 22.7.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\DATEV\SYSTEM\PSNTSERV.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\wincmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JOSEFM~1\LOCALS~1\Temp\Rar$EX00.126\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:20000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\ASHAMPOO\ASHAMP~1\PopUp.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CW App KB R9 - https://www.mojebanka.cz/jars/cwapp.cab
O16 - DPF: GEMINI IBS 31 RZB Applet Security - https://ibs.rb.cz/bin/IBS31-RZB-aplsec-3.2.1.3.cab
O16 - DPF: IB App KB R9 - https://www.mojebanka.cz/jars/ibapp.cab
O16 - DPF: KB CW Pack - https://www.mojebanka.cz/jars/cw_pack.cab
O16 - DPF: KB KTpro Pack - https://www.mojebanka.cz/jars/kt_pro_v1101.cab
O16 - DPF: KB SH Pack - https://www.mojebanka.cz/jars/sh_pack.cab
O16 - DPF: KTPro SP KB R9 - https://www.mojebanka.cz/jars/ktpsp.cab
O16 - DPF: MIB Pack - https://www.mojebanka.cz/jars/mib_pack_v1400.cab
O16 - DPF: SH App KB R9 - https://www.mojebanka.cz/jars/shapp.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66226C7D-7B7C-4E6C-8579-E9B6CF660663}: NameServer = 192.168.1.1
O20 - Winlogon Notify: twpkad - C:\WINDOWS\SYSTEM32\twpkad.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DATEV Tiskový servis (DatevPrintService) - Datev eG - C:\DATEV\SYSTEM\PSNTSERV.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
MWAV
Sat Jul 22 12:44:45 2006 => ***** Scanning Registry and File system for Adware/Spyware *****
Sat Jul 22 12:44:46 2006 => Loading Spyware Signatures from new External Database (Size: 161855).
Sat Jul 22 12:44:53 2006 => Indexed Spyware Databases Successfully Created...
Sat Jul 22 12:44:56 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.
Sat Jul 22 12:44:57 2006 => System found infected with flashenhancer adware variant Spyware/Adware ({0ad937e7-2f37-4873-a05e-548a67ef1d0e})! Action taken: No Action Taken.
Sat Jul 22 12:44:57 2006 => System found infected with ctxpopup Spyware/Adware ({5edb03af-0341-4e96-9e9b-3171522e4baf})! Action taken: No Action Taken.
Sat Jul 22 12:44:57 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.
Sat Jul 22 12:44:59 2006 => System found infected with ace club casino Spyware/Adware ({8ba2fe8d-8506-11d4-bfe2-cb5fed326646})! Action taken: No Action Taken.
Sat Jul 22 12:44:59 2006 => System found infected with ace club casino Spyware/Adware ({8ba2fe8f-8506-11d4-bfe2-cb5fed326646})! Action taken: No Action Taken.
Sat Jul 22 12:44:59 2006 => System found infected with ace club casino Spyware/Adware ({8ba2fe91-8506-11d4-bfe2-cb5fed326646})! Action taken: No Action Taken.
Sat Jul 22 12:45:02 2006 => Offending file found: C:\WINDOWS\system32\unace.dll
Sat Jul 22 12:45:02 2006 => System found infected with zipitpro Spyware/Adware (unace.dll)! Action taken: No Action Taken.
Sat Jul 22 12:45:04 2006 => Offending file found: C:\Documents and Settings\Josef Martinek\Data aplikací\xcpcsync.oem\siemens.smartsync.5.2\data\app.dat
Sat Jul 22 12:45:04 2006 => System found infected with clientman Spyware/Adware (app.dat)! Action taken: No Action Taken.
Sat Jul 22 12:45:05 2006 => Offending Folder found: C:\Documents and Settings\Josef Martinek\Nabídka Start\programy\toptext ilookup
Sat Jul 22 12:45:05 2006 => Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jul 22 12:45:06 2006 => Offending Folder found: C:\Documents and Settings\Josef Martinek\Nabídka Start\Programy\toptext ilookup
Sat Jul 22 12:45:06 2006 => Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jul 22 12:45:07 2006 => Offending file found: C:\Documents and Settings\Josef Martinek\Local Settings\data aplikací\hp\digital imaging\cache\43.dat
Sat Jul 22 12:45:07 2006 => System found infected with networkessentials Spyware/Adware (43.dat)! Action taken: No Action Taken.
Sat Jul 22 12:45:07 2006 => Offending file found: C:\Documents and Settings\Josef Martinek\Local Settings\data aplikací\hp\digital imaging\cache\1.dat
Sat Jul 22 12:45:07 2006 => System found infected with wareout Adware (1.dat)! Action taken: No Action Taken.
Sat Jul 22 12:45:07 2006 => Offending file found: C:\Documents and Settings\Josef Martinek\Local Settings\Data aplikací\hp\digital imaging\cache\43.dat
Sat Jul 22 12:45:07 2006 => System found infected with networkessentials Spyware/Adware (43.dat)! Action taken: No Action Taken.
Sat Jul 22 12:45:07 2006 => Offending file found: C:\Documents and Settings\Josef Martinek\Local Settings\Data aplikací\hp\digital imaging\cache\1.dat
Sat Jul 22 12:45:07 2006 => System found infected with wareout Adware (1.dat)! Action taken: No Action Taken.
Sat Jul 22 12:50:38 2006 => Total Objects Scanned: 25462
Sat Jul 22 12:50:38 2006 => Total Critical Objects: 15
Sat Jul 22 12:50:38 2006 => Total Disinfected Objects: 0
Sat Jul 22 12:50:38 2006 => Total Objects Renamed: 0
Sat Jul 22 12:50:38 2006 => Total Deleted Objects: 0
Sat Jul 22 12:50:38 2006 => Total Errors: 135
Sat Jul 22 12:50:38 2006 => Time Elapsed: 00:08:00
Sat Jul 22 12:50:38 2006 => Virus Database Date: 7/22/2006
Sat Jul 22 12:50:38 2006 => Virus Database Count: 209161
The remaining errors in MWAV are registry errors; I'm not posting them here because it's quite long, but if it's needed I'll add them later...
backdoor.generic3
Koja:
Well, I can see the swine, but I don't dare take this one on yet
So at least a few things:
- Instead of IE, install an alternative browser - Firefox, Opera
- Unless I overlooked it, you're missing a firewall, install one
Otherwise, find and delete everything MWAV found
Fix:
O4 - HKLM\..\Run: [rpcc] rpcc.exe - find it and delete it, it's Trojan.RPCC.Process
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - (no file)
O20 - Winlogon Notify: twpkad - C:\WINDOWS\SYSTEM32\twpkad.dll - find and delete it (Win32.Backdoor.Haxdoor.JG)
Well, I'll leave the rest to the more experienced
Everybody lies so don't trust anyone. :)
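Koja's triage above rests on three checks a responder applies to a HijackThis log by eye: O2 BHO entries with "(no file)", an O4 autorun given as a bare filename (rpcc.exe), and a Winlogon Notify DLL nobody recognises (twpkad.dll), plus matching the CLSIDs MWAV reported against the BHO lines. The script below is an added example, not code from this thread or from HijackThis or MWAV; it runs those checks over a constructed sample modelled on the posted logs, and the Winlogon Notify allowlist it uses is an assumption for the demonstration.

```python
import re

# Constructed sample input, modelled on the HijackThis lines posted in this thread.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\ASHAMPOO\ASHAMP~1\PopUp.dll
O2 - BHO: (no name) - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O20 - Winlogon Notify: twpkad - C:\WINDOWS\SYSTEM32\twpkad.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# Constructed sample of MWAV output, modelled on the lines in the opening post.
MWAV_SAMPLE = r"""
Sat Jul 22 12:44:57 2006 => System found infected with flashenhancer adware variant Spyware/Adware ({0ad937e7-2f37-4873-a05e-548a67ef1d0e})! Action taken: No Action Taken.
Sat Jul 22 12:44:57 2006 => System found infected with ctxpopup Spyware/Adware ({5edb03af-0341-4e96-9e9b-3171522e4baf})! Action taken: No Action Taken.
Sat Jul 22 12:45:02 2006 => Offending file found: C:\WINDOWS\system32\unace.dll
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HJT_LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
O4_RE = re.compile(r"\[[^\]]*\]\s*(.*)$")

# Assumption for this example: the only Winlogon Notify DLL treated as expected is the
# WGA one that also appears in the thread. A real allowlist comes from a known-clean baseline.
KNOWN_NOTIFY_DLLS = {"wgalogon.dll"}


def parse_hjt(text):
    """Return (section, body) pairs for every HijackThis finding line."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def mwav_clsids(text):
    """Collect every GUID MWAV reported, lower-cased so case differences cannot hide a match."""
    return {g.lower() for g in GUID_RE.findall(text)}


def o4_executable(body):
    """Extract the program token from an O4 autorun body, honouring a quoted path."""
    m = O4_RE.search(body)
    if not m:
        return ""
    cmd = m.group(1).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(hjt_text, mwav_text):
    """Map each suspicious HJT line to the list of reasons it was flagged."""
    reported = mwav_clsids(mwav_text)
    flagged = {}
    for section, body in parse_hjt(hjt_text):
        reasons = []
        if section == "O2" and body.endswith("(no file)"):
            # BHO still registered but its DLL is gone: a dead entry, safe to fix.
            reasons.append("orphaned BHO (no file)")
        if section == "O4":
            exe = o4_executable(body)
            # No directory in the autorun command: the loader resolves it via the search
            # path, which is why a bare "rpcc.exe" tells you nothing about where it lives.
            if exe and "\\" not in exe and "/" not in exe:
                reasons.append("autorun with bare filename: " + exe)
        if section == "O20":
            dll = body.rsplit(" - ", 1)[-1].strip()
            name = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            # Winlogon Notify DLLs load into winlogon.exe; anything off the baseline needs a look.
            if name not in KNOWN_NOTIFY_DLLS:
                reasons.append("unknown Winlogon Notify DLL: " + name)
        # Cross-reference: a CLSID on this HJT line that MWAV also reported.
        hits = {g.lower() for g in GUID_RE.findall(body)} & reported
        if hits:
            reasons.append("CLSID also reported by MWAV: " + ", ".join(sorted(hits)))
        if reasons:
            flagged[section + " - " + body] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(HJT_SAMPLE, MWAV_SAMPLE).items():
        print(line)
        for r in reasons:
            print("    ->", r)
```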
mijaja:
I was wondering whether I should post this here, so as not to be another Death Man, but then I thought - there isn't that much of it after all.
Fix what Koja wrote you and then -
Find this program and check it on Jotti's scanner:
C:\DATEV\SYSTEM\PSNTSERV.EXE - it should be some driver, perhaps for a printer or something - well, I don't know it.
C:\WINDOWS\System32\mssecadv.dll - this file was flagged by MWAV as infected, but it is a system file (MSSecurityAdvisor Class) - if Jotti also marks it as bad, you'll have to overwrite it with a clean one. It's a file from the patches, so it would have to be downloaded with some patch from Windows Update.
Delete the files:
C:\Documents and Settings\Josef Martinek\Data aplikací\xcpcsync.oem\siemens.smartsync.5.2\data\app.dat
C:\Documents and Settings\Josef Martinek\Nabídka Start\programy\toptext ilookup
C:\Documents and Settings\Josef Martinek\Local Settings\data aplikací\hp\digital imaging\cache\43.dat
C:\Documents and Settings\Josef Martinek\Local Settings\data aplikací\hp\digital imaging\cache\1.dat
Watch the file names and locations - if the path or the file name differs, leave it alone. This is a long job, and the result may be one, two or just ten files and keys that are giving you that result of 15 critical findings. If you're not sure, better leave it be. Those pests are inactive and don't necessarily do any harm in the computer at the moment.
Adware.FlashEnhancer - Symantec http://sarc.com/avcenter/venc/data/adwa ... ancer.html recommends doing this in Safe Mode:
Find these files on the computer:
C:\Program Files\Common Files\Java\flnclean.exe
C:\Program Files\Common Files\Java\flncpy.exe
C:\Program Files\Common Files\Java\ftkclean.exe
C:\Program Files\Common Files\Java\ftkcpy.cfg
C:\Program Files\Common Files\Java\ftkcpy.exe
C:\Windows\Temp\ft30s.exe
and also the files XML.dll; Xcpy1_inst.exe; xclean.exe; flaclean.exe; Uninst.exe; ftk.dll and Xcpy1.exe
In regedit, find the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and in the right-hand pane delete these values:
"FlnCPY" = "[path to the original file]"
"FlaCPY" = "[path to the original file]"
"Jreg" = "[path to the original file]"
"t" = "[path to the original file]"
"fecpy" = "[path to the original file]"
"flencpy" = "[path to the original file]"
"flnCPY" = "[path to the original file]"
"ftkCPY" = "[path to the original file]"
"Xcpy1" = "[path to the original file]"
find the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
and in the right-hand pane delete these values:
"fln" = "[path to the original file]"
"f" = "[path to the original file]"
"t" = "[path to the original file]"
"fla" = "[path to the original file]"
"fln" = "[path to the original file]"
"ftk" = "[path to the original file]"
Then find these keys and delete them:
HKEY_CLASSES_ROOT\CLSID\{5EDB03AF-0341-4e96-9E9B-3171522E4BAF}
HKEY_CLASSES_ROOT\CLSID\{63CF97E8-4133-438a-A831-CC9C6D47D673}
HKEY_CLASSES_ROOT\CLSID\{665ACD90-4541-4836-9FE4-062386BB8F05}
HKEY_CLASSES_ROOT\CLSID\{7371F073-AC0F-4b80-BB2F-96A488CEFB32}
HKEY_CLASSES_ROOT\CLSID\{7CD20E91-1F31-41da-8379-479EA31DF969}
HKEY_CLASSES_ROOT\CLSID\{A749B4BC-7621-4a80-9220-D0A283367DD5}
HKEY_CLASSES_ROOT\CLSID\{D7E588AB-A5D9-4422-B313-22A3470F9700}
HKEY_CLASSES_ROOT\Interface\{06542764-7BB2-412B-80D6-D103D1474C93}
HKEY_CLASSES_ROOT\Interface\{28168CCE-5310-4F12-AB58-9DA99A55AAEB}
HKEY_CLASSES_ROOT\Interface\{6E83AE1C-F69C-4AED-AF98-D23C24C6FA4B}
HKEY_CLASSES_ROOT\Interface\{890089B7-B385-442F-97B6-99060E8BD08F}
HKEY_CLASSES_ROOT\Interface\{BAEF4039-3C02-4C9E-A2F4-87B513AB0E87}
HKEY_CLASSES_ROOT\TypeLib\{1BD49631-AE36-42F4-A37B-CA7F53146821}
HKEY_CLASSES_ROOT\TypeLib\{48E832EC-B061-49E2-BBC1-AC818623B742}
HKEY_CLASSES_ROOT\TypeLib\{7955EA20-E0D6-4A77-88B6-120674D979EA}
HKEY_CLASSES_ROOT\TypeLib\{DB9F4C00-65E8-4FA1-917B-E4844DDF5909}
HKEY_CLASSES_ROOT\TypeLib\{E6C71E83-E02B-4BC4-958D-A9194916EC19}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0AD937E7-2F37-4873-A05E-548A67EF1D0E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5EDB03AF-0341-4e96-9E9B-3171522E4BAF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63CF97E8-4133-438a-A831-CC9C6D47D673}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{665ACD90-4541-4836-9FE4-062386BB8F05}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7371F073-AC0F-4b80-BB2F-96A488CEFB32}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CD20E91-1F31-41da-8379-479EA31DF969}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A749B4BC-7621-4a80-9220-D0A283367DD5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D7E588AB-A5D9-4422-B313-22A3470F9700}
HKEY_CLASSES_ROOT\BRedObj.BRedObj
HKEY_CLASSES_ROOT\BRedObj.BRedObj.1
HKEY_CLASSES_ROOT\UnawareObj.UnawareObj
HKEY_CLASSES_ROOT\UnawareObj.UnawareObj.1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Reg2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fla
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Xmod
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ftk
HKEY_LOCAL_MACHINE\Software\Netfilter
HKEY_LOCAL_MACHINE\Software\Xmod
HKEY_LOCAL_MACHINE\Software\XML
HKEY_LOCAL_MACHINE\Software\Persistent Bytes
HKEY_LOCAL_MACHINE\SOFTWARE\FEN
HKEY_LOCAL_MACHINE\SOFTWARE\Flen
HKEY_LOCAL_MACHINE\SOFTWARE\Flt
HKEY_LOCAL_MACHINE\SOFTWARE\Fln
HKEY_LOCAL_MACHINE\SOFTWARE\Ftk
HKEY_LOCAL_MACHINE\SOFTWARE\Fla
HKEY_LOCAL_MACHINE\SOFTWARE\Flcp
HKEY_USERS\S-1-5-21-1187800756-1387622775-1527857685-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63CF97E8-4133-438A-A831-CC9C6D47D673}
HKEY_USERS\S-1-5-21-1187800756-1387622775-1527857685-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7371F073-AC0F-4B80-BB2F-96A488CEFB32}
For Ace Club Casino, you need to find and delete the files:
aceclubsetup.exe,
appterminate.exe,
aceclubcasino.exe,
tempupgraderassistant.exe,
upgraderassistant.exe,
ungins.exe,
sdbinst.exe
Program Files\aceclub casino\bin\ - the whole aceclub casino folder
registry entries to delete:
HKEY_CLASSES_ROOT\clsid\{2e316b76-eb1c-11d5-9933-0080c8046ee1}
HKEY_CLASSES_ROOT\interface\{126872f1-005a-11d6-9932-0080c8046f11}
HKEY_CLASSES_ROOT\interface\{126872f3-005a-11d6-9932-0080c8046f11}
HKEY_CLASSES_ROOT\interface\{2e316b75-eb1c-11d5-9933-0080c8046ee1}
HKEY_CLASSES_ROOT\interface\{2e316b77-eb1c-11d5-9933-0080c8046ee1}
HKEY_CLASSES_ROOT\interface\{3a450463-3802-11d6-9932-0080c8046f11}
HKEY_CLASSES_ROOT\interface\{3a45046a-3802-11d6-9932-0080c8046f11}
HKEY_CLASSES_ROOT\interface\{3d205ed1-64b3-11d5-8a8d-00d0b7b17818}
HKEY_CLASSES_ROOT\interface\{472510e1-770d-11d6-88e3-0050ba893cbb}
HKEY_CLASSES_ROOT\interface\{472510e3-770d-11d6-88e3-0050ba893cbb}
HKEY_CLASSES_ROOT\interface\{8ba2fe8d-8506-11d4-bfe2-cb5fed326646}
HKEY_CLASSES_ROOT\interface\{8ba2fe8f-8506-11d4-bfe2-cb5fed326646}
HKEY_CLASSES_ROOT\interface\{8ba2fe91-8506-11d4-bfe2-cb5fed326646}
HKEY_CLASSES_ROOT\interface\{aa5c242d-d521-11d5-86d2-00d0b7b176f4}
HKEY_CLASSES_ROOT\interface\{aa5c242f-d521-11d5-86d2-00d0b7b176f4}
HKEY_CLASSES_ROOT\interface\{f3b80f0c-5833-11d5-9932-0080c8046f11}
HKEY_CLASSES_ROOT\interface\{feed2abc-d449-11d5-b15a-000021fef83d}
HKEY_CLASSES_ROOT\interface\{feed2abe-d449-11d5-b15a-000021fef83d}
HKEY_CLASSES_ROOT\typelib\{126872e3-005a-11d6-9932-0080c8046f11}
HKEY_CLASSES_ROOT\typelib\{2e316b67-eb1c-11d5-9933-0080c8046ee1}
HKEY_CLASSES_ROOT\typelib\{505b0c99-61db-11d5-8a8d-00d0b7b17818}
HKEY_CLASSES_ROOT\typelib\{aa5c2421-d521-11d5-86d2-00d0b7b176f4}
HKEY_CLASSES_ROOT\typelib\{fd36ada1-7701-11d6-88e3-0050ba893cbb}
HKEY_CLASSES_ROOT\typelib\{feed2ab0-d449-11d5-b15a-000021fef83d}
HKEY_LOCAL_MACHINE\software\iglobalmedia\aceclubcasino - the whole iglobalmedia subkey
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\aceclub casino online download deluxe suite\displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\aceclub casino online download deluxe suite\uninstallstring
For Zipitpro, you need to find and delete the files:
avpupd.exe-009f51bf.pf
c:\zipitpro\cabinet.dll
c:\zipitpro\gate.exe
c:\zipitpro\help\all_actions.htm
c:\zipitpro\help\index.htm
c:\zipitpro\help\index_menu.htm
c:\zipitpro\help\keyboard_layout.htm
c:\zipitpro\help\license.htm
c:\zipitpro\help\what_is_an_archive.htm
c:\zipitpro\help\what_is_zipitfast.htm
c:\zipitpro\help\zipitfast.htm
c:\zipitpro\irunin.ini
c:\zipitpro\skinz\default\skin.ini
c:\zipitpro\skinz\speeditup\skin.ini
c:\zipitpro\skinz\windowsxp\skin.ini
c:\zipitpro\thank.exe
c:\zipitpro\unace.dll
c:\zipitpro\unrar.dll
c:\zipitpro\zipitfast.exe
c:\zipitpro\zshellad.dll
c:\zipitpro\zshellex.dll
C:\Program Files\Common Files\zipitfast pro 3.0\history.lnk
C:\Program Files\Common Files\zipitfast pro 3.0\readme.txt.lnk
C:\Program Files\Common Files\zipitfast pro 3.0\zipitfast pro.lnk
Plocha\ popup ads.lnk (icon)
Plocha\zipitfast pro.lnk (icon)
ethereal.exe-1c148eef.pf
irsetup.exe-0de0091d.pf
iun6002.exe
mergecalic.exe-1c19a61e.pf
C:\Documents and Settings\Josef Martinek\local settings\temp\irsetup.exe
C:\Documents and Settings\Josef Martinek\local settings\temp\irsetup.ini
rundll32.exe-268bff96.pf
showbehind.exe-198e0a77.pf
thank.exe-15644fe3.pf
zipit3[1].exe-2c928677.pf
zipitpro.txt