
How to remove RegistryBooster2010


MAM

Hello,

How to remove RegistryBooster2010 with Malwarebytes' Anti-Malware 1.50 Beta?

The first scan with this MBAM 1.50 Beta was, for the first suggestion, successful.

Here is the log of MBAM 1.50 Beta:

Malwarebytes' Anti-Malware 1.50 Public Beta

www.malwarebytes.org

Datenbank Version: 5162

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

21.11.2010 10:08:44

mbam-log-2010-11-21 (10-08-44).txt

Art des Suchlaufs: Vollst


Here is a fresh log from Malwarebytes' Anti-Malware 1.50 Beta:

Malwarebytes' Anti-Malware 1.50 Public Beta

www.malwarebytes.org

Datenbank Version: 5165

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

21.11.2010 21:25:15

mbam-log-2010-11-21 (21-25-15).txt

Art des Suchlaufs: Vollst


The last report of Malwarebytes' Anti-Malware was also clean, in my issue :)

Malwarebytes' Anti-Malware 1.50 Public Beta

www.malwarebytes.org

Datenbank Version: 5166

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

21.11.2010 23:52:45

mbam-log-2010-11-21 (23-52-45).txt

Art des Suchlaufs: Vollst


OK, here is the defogger_disable.log:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 10:54 on 22/11/2010 (XXXXXX)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

MAM


And now a HijackThis Log, sorry for the delay.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:19:33, on 23.11.2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\OpenOffice.org 3\program\soffice.exe

C:\Programme\OpenOffice.org 3\program\soffice.bin

C:\Programme\Java\jre6\bin\jqs.exe

I:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtblfs.exe

C:\Dokumente und Einstellungen\Besitzer\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - I:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - I:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [AVP] "I:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [RegistryBooster] "C:\Programme\Uniblue\RegistryBooster\launcher.exe" delay 20000

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - I:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll

O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - I:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (Emsisoft Web Malware Scan) - http://ax.emsisoft.com/emsisoft_webscan.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - AppInit_DLLs: I:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll, I:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O20 - Winlogon Notify: !SASWinLogon - Invalid registry found

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Kaspersky Security Suite CBE 10 (AVP) - Kaspersky Lab - I:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

--

End of file - 6281 bytes

Who can help me with this issue?

Mam


Hi,

Replying to your own posts changes the post count and will often cause helpers to think that you're already being helped and thus they won't open and look at your post.

Registry Booster 2010 is a legitimate program. That's why MBAM doesn't detect it. :)

And yes, your HijackThis log is clean. :)


Hi,

Replying to your own posts changes the post count and will often cause helpers to think that you're already being helped and thus they won't open and look at your post.

Registry Booster 2010 is a legitimate program. That's why MBAM doesn't detect it. ;)

And yes, your HijackThis log is clean. :)

OK, thanks for your answer, sorry about the trouble with my posting in my issue :D

MAM


  • 2 months later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.