YvesStrassburg

This thread can be closed: I replaced Fritz!Box Tray Tool 1.2 by Fritz!Box Monitor 1.02.05 which is better working, and fine working with Malwarebytes' Anti-Malware 1.70.0.1100.

Salut ! Malwarebytes' Anti-Malware 1.70.0.1100 prevents Fritz!Box Tray Tool 1.2, , from automatically starting. Placing the folder FritzBox Tray Tool and/or FritzBox_Tray_Tool.exe into Malwarebytes' Anti-Malware ignore-list doesn't help. It do need starting it manually on every reboot, then it works fine, but this not that comfortable. How comes? Best regards Yves

Sorry, i didn't get your last sentence "I see you have other posts on the forum, so you should probably work on those as you have some different things going on." There is actually only just one other post, where i already got an answer, and where the solution is clear.

Thank you for your fast answer, AdvancedSetup. Hm, Malwarebytes' Anti-Malware 1.70.0.1100 seems to run fine here. The only thing that i observe is, that Malwarebytes' Anti-Malware has no longer a startup-entry (for mbamgui.exe) as my old Malwarebytes' Anti-Malware 1.62.0.1300 had it, but Malwarebytes' Anti-Malware 1.70.0.1100 is starting automatically and showing its icon in the system tray, like that one of Malwarebytes' Anti-Malware 1.62.0.1300 before, blue colour icon now instead of red colour before, of course. What's the hidden service "MBAMSwissArr" is doing exactly ?

After my posting, i saw that sg09 on http://forums.malwarebytes.org/index.php?showtopic=100744 had the same question. OK, i will do so. Thanks shadowwar ;-)

What do you think about this here? http://img809.images...arr20130107.jpg http://imageshack.us...rr20130107.jpg/ When installing Malwarebytes' Anti-Malware 1.70.0.1100, i get this: ROOTKIT FOUND A suspicuous object (Rootkit) has been found on your system. This could be a hint to a malware-infection. The object should be deleted instantly. ROOTKIT-INFORMATION Filename Rootkit-name SVC: MBAMSwissArr Rootkit: Hidden service ACTIONS WHEN FOUND Delete now (recommended) Other OK I deleted it, and Malwarebytes' Anti-Malware 1.70.0.1100 seems to run fine. But what's about that rootkit in Malwarebytes' Anti-Malware 1.70.0.1100 ?

I got a similar problem. http://forums.malwarebytes.org/index.php?showtopic=104372&view=findpost&p=631173

Well, all the problems described above came back with the versions which followed that one which i have installed now here, Malwarebytes' Anti-Malware Pro 1.62.0.1300, so that i could not update that one. I would not restart the old procedure once again. But the reason why i'm writing you here is a very strange behaviour of Malwarebytes' Anti-Malware 1.62.0.1300. As i was not interested keeping the Microsoft Windows XP-feature "Search", i introduced a new entry in the registry: Den Eintrag 'Suchen' entfernen / Deleting the entry 'Search' http://www.winfaq.de/faq_html/Content/tip1000/onlinefaq.php?h=tip1367.htm Mit diesem Wert können Sie festlegen, dass der Eintrag "Suchen" im Startmenü und dem Kontextmenü des Startmenüs entfernt wird. Es wird auch über die Windows-Tastenfunktion "Windows-Taste + F" und F3 deaktiviert. Starten Sie den Registryeditor und ändern Sie in der Registry die Einträge wie beschrieben ab. Aufrufen von REGEDIT.EXE (alle Betriebssysteme) oder REGEDT32.EXE (nur Windows NT/2000) Wenn der Pfad zum Schlüssel nicht vorhanden ist, müssen Sie die nötigen Schlüssel selber hinzufügen. Rechtsklick auf den letzten Schlüssel (links im Tree) aus dem Kontextmenü "Neu" -> "Schlüssel" auswählen, und die fehlenden Schlüssel mit den angegebenen Namen anlegen. Unter: [für den Anwender / for the user] HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer > [für das System (alle Anwender) / all users] HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer Erstellen Sie hier einen neuen Wert mit dem Namen "NoFind" als Datentyp REG_DWORD. Setzen Sie den Wert auf: Create a new entry with the name "NoFind" as type REG_DWORD. Set the value to: 1 Eintrag wird nicht angezeigt / Entry will not show gelöscht Eintrag wird angezeigt (Standard) / deleted Enry will show (Standard) > You need to restart your Windows XP and the entry 'Search' has gone. Indeed, the entry 'Search" will not show any longer after this procedure. All worked fine, i made several examinations during several months. Up to now. Today Malwarebytes' Anti-Malware 1.62.0.1300 tells me, that there is a bad "PUM.Hijack.Find". Please look the mbam-log-2013-01-06 (22-59-18).txt: Malwarebytes Anti-Malware (PRO) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2013.01.06.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 yves :: BESITZER-30983A [Administrator] Schutz: Aktiviert 2013-01-06 19:09:08 mbam-log-2013-01-06 (22-59-18).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P Deaktivierte Suchlaufeinstellungen: Durchsuchte Objekte: 355883 Laufzeit: 3 Stunde(n), 23 Minute(n), 11 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoFind (PUM.Hijack.Find) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) This means, the entry HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoFind is infected and bad? I don't believe this. Where is the problem ?

Since installing today Malwarebytes Anti-Malware 1.60.1.1000 over the old version 1.51.2.1300 (with installed Zemana AntiLogger 1.9.2.938 and SpyShelter Premium 5.40), i have no longer blue screens (BSOD) or other problems. Well done !

The problem with Zemana AntiLogger ist solved: in only two weeks Zemana created the new version 1.9.2.938 which works fine now with SpyShelter 5.40 premium and Malwarebytes' Anti-Malware 1.51.2.1300. The new version is announced at http://zemana.com/whatsnew.aspx and can be downloaded by http://dyn.zemana.co...r_1.9.2.938.exe . Zemana appreciates the patience and understanding in this matter, as token of their appreciation for the patience, i got an activation key which can be used for 2 years, free of charge. That's nice . For the moment, i use Malwarebytes' Anti-Malware 1.51.2.1300 with the following settings, as it has still problems with SpyShelter 5.40 premium:

Edit: Meanwhile i saw, better is to uncheck both cases. Nevertheless, daily definition-updates will be done.

Yes, HRM, you did help me with that , and i wish you a Happy New Year too, as well to everybody here of the team. For the moment, going back to Malwarebytes' Anti-malware 1.51.2.1300 helped me a lot, by taking out the checkmark in the red case:

Why didn't you download the MEMORY-02.zip as well ?

SpyShelter 5.40 premium works with Malwarebytes' Anti-Malware 1.51.2.1300: no problems at all. SpyShelter 5.40 premium does not work with Malwarebytes' Anti-Malware 1.60.0.1800: plenty of BSOD, same for Zemana AntiLogger 1.9.2.819 with Malwarebytes' Anti-Malware 1.60.0.1800. Thank you

Hello Meinard, if you appreciate the full memory download, you should download it this night and now - it's 00:21:56 AM here right now. Specially for this case i let my laptop run whole over the night. Indeed, there is a special reason why I'm using Acronis True Image Home 2009. I like very much Acronis True Image Home 2008 as well, as both versions may run in the background with deep priority and highest compression, and you can work without being disturbed. When there is no action on the computer, Acronis True Image Home 2009 and 2008 instantly take more recources on the CPU, and the backup-file will be done quicklier. This is extremely comfortable. Normally i make my daily backup-file by night when i'm in bed, but it occurs that i have to make one during daylight while i'm working. I have as well Acronis True Image Home 2006, 2007, 2010, 2011 and 2012. 2006 seems to be somehow outdated, and the 2010, 2011, and 2012-versions do not have any longer the nice behavour i was speaking of above. If you are using Internet Explorer for the dmp-download, you cannot click onto the filename in my server-website: you must copy and paste the URL into the browserfield. Then it works as well on Internet Explorer. Ah, i see now, it's loading with 50 KB/s, and you are downloading MEMORY-01.zip: This is the *.dmp-file with Spyshelter and Zemana, but without Malwarebytes. It says ~ "2h30m" downloadtime. MEMORY-02.zip contains Spyshelter and Zemana and Malwarebytes, as i described it above. Best regards