YvesStrassburg

This thread can be closed: I replaced Fritz!Box Tray Tool 1.2 by Fritz!Box Monitor 1.02.05 which is better working, and fine working with Malwarebytes' Anti-Malware 1.70.0.1100.

Salut ! Malwarebytes' Anti-Malware 1.70.0.1100 prevents Fritz!Box Tray Tool 1.2, , from automatically starting. Placing the folder FritzBox Tray Tool and/or FritzBox_Tray_Tool.exe into Malwarebytes' Anti-Malware ignore-list doesn't help. It do need starting it manually on every reboot, then it works fine, but this not that comfortable. How comes? Best regards Yves

Sorry, i didn't get your last sentence "I see you have other posts on the forum, so you should probably work on those as you have some different things going on." There is actually only just one other post, where i already got an answer, and where the solution is clear.

Thank you for your fast answer, AdvancedSetup. Hm, Malwarebytes' Anti-Malware 1.70.0.1100 seems to run fine here. The only thing that i observe is, that Malwarebytes' Anti-Malware has no longer a startup-entry (for mbamgui.exe) as my old Malwarebytes' Anti-Malware 1.62.0.1300 had it, but Malwarebytes' Anti-Malware 1.70.0.1100 is starting automatically and showing its icon in the system tray, like that one of Malwarebytes' Anti-Malware 1.62.0.1300 before, blue colour icon now instead of red colour before, of course. What's the hidden service "MBAMSwissArr" is doing exactly ?

After my posting, i saw that sg09 on http://forums.malwarebytes.org/index.php?showtopic=100744 had the same question. OK, i will do so. Thanks shadowwar ;-)

What do you think about this here? http://img809.images...arr20130107.jpg http://imageshack.us...rr20130107.jpg/ When installing Malwarebytes' Anti-Malware 1.70.0.1100, i get this: ROOTKIT FOUND A suspicuous object (Rootkit) has been found on your system. This could be a hint to a malware-infection. The object should be deleted instantly. ROOTKIT-INFORMATION Filename Rootkit-name SVC: MBAMSwissArr Rootkit: Hidden service ACTIONS WHEN FOUND Delete now (recommended) Other OK I deleted it, and Malwarebytes' Anti-Malware 1.70.0.1100 seems to run fine. But what's about that rootkit in Malwarebytes' Anti-Malware 1.70.0.1100 ?

I got a similar problem. http://forums.malwarebytes.org/index.php?showtopic=104372&view=findpost&p=631173

Well, all the problems described above came back with the versions which followed that one which i have installed now here, Malwarebytes' Anti-Malware Pro 1.62.0.1300, so that i could not update that one. I would not restart the old procedure once again. But the reason why i'm writing you here is a very strange behaviour of Malwarebytes' Anti-Malware 1.62.0.1300. As i was not interested keeping the Microsoft Windows XP-feature "Search", i introduced a new entry in the registry: Den Eintrag 'Suchen' entfernen / Deleting the entry 'Search' http://www.winfaq.de/faq_html/Content/tip1000/onlinefaq.php?h=tip1367.htm Mit diesem Wert können Sie festlegen, dass der Eintrag "Suchen" im Startmenü und dem Kontextmenü des Startmenüs entfernt wird. Es wird auch über die Windows-Tastenfunktion "Windows-Taste + F" und F3 deaktiviert. Starten Sie den Registryeditor und ändern Sie in der Registry die Einträge wie beschrieben ab. Aufrufen von REGEDIT.EXE (alle Betriebssysteme) oder REGEDT32.EXE (nur Windows NT/2000) Wenn der Pfad zum Schlüssel nicht vorhanden ist, müssen Sie die nötigen Schlüssel selber hinzufügen. Rechtsklick auf den letzten Schlüssel (links im Tree) aus dem Kontextmenü "Neu" -> "Schlüssel" auswählen, und die fehlenden Schlüssel mit den angegebenen Namen anlegen. Unter: [für den Anwender / for the user] HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer > [für das System (alle Anwender) / all users] HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer Erstellen Sie hier einen neuen Wert mit dem Namen "NoFind" als Datentyp REG_DWORD. Setzen Sie den Wert auf: Create a new entry with the name "NoFind" as type REG_DWORD. Set the value to: 1 Eintrag wird nicht angezeigt / Entry will not show gelöscht Eintrag wird angezeigt (Standard) / deleted Enry will show (Standard) > You need to restart your Windows XP and the entry 'Search' has gone. Indeed, the entry 'Search" will not show any longer after this procedure. All worked fine, i made several examinations during several months. Up to now. Today Malwarebytes' Anti-Malware 1.62.0.1300 tells me, that there is a bad "PUM.Hijack.Find". Please look the mbam-log-2013-01-06 (22-59-18).txt: Malwarebytes Anti-Malware (PRO) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2013.01.06.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 yves :: BESITZER-30983A [Administrator] Schutz: Aktiviert 2013-01-06 19:09:08 mbam-log-2013-01-06 (22-59-18).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P Deaktivierte Suchlaufeinstellungen: Durchsuchte Objekte: 355883 Laufzeit: 3 Stunde(n), 23 Minute(n), 11 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoFind (PUM.Hijack.Find) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) This means, the entry HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoFind is infected and bad? I don't believe this. Where is the problem ?

Since installing today Malwarebytes Anti-Malware 1.60.1.1000 over the old version 1.51.2.1300 (with installed Zemana AntiLogger 1.9.2.938 and SpyShelter Premium 5.40), i have no longer blue screens (BSOD) or other problems. Well done !

The problem with Zemana AntiLogger ist solved: in only two weeks Zemana created the new version 1.9.2.938 which works fine now with SpyShelter 5.40 premium and Malwarebytes' Anti-Malware 1.51.2.1300. The new version is announced at http://zemana.com/whatsnew.aspx and can be downloaded by http://dyn.zemana.co...r_1.9.2.938.exe . Zemana appreciates the patience and understanding in this matter, as token of their appreciation for the patience, i got an activation key which can be used for 2 years, free of charge. That's nice . For the moment, i use Malwarebytes' Anti-Malware 1.51.2.1300 with the following settings, as it has still problems with SpyShelter 5.40 premium:

Edit: Meanwhile i saw, better is to uncheck both cases. Nevertheless, daily definition-updates will be done.

Yes, HRM, you did help me with that , and i wish you a Happy New Year too, as well to everybody here of the team. For the moment, going back to Malwarebytes' Anti-malware 1.51.2.1300 helped me a lot, by taking out the checkmark in the red case:

Why didn't you download the MEMORY-02.zip as well ?

SpyShelter 5.40 premium works with Malwarebytes' Anti-Malware 1.51.2.1300: no problems at all. SpyShelter 5.40 premium does not work with Malwarebytes' Anti-Malware 1.60.0.1800: plenty of BSOD, same for Zemana AntiLogger 1.9.2.819 with Malwarebytes' Anti-Malware 1.60.0.1800. Thank you

Hello Meinard, if you appreciate the full memory download, you should download it this night and now - it's 00:21:56 AM here right now. Specially for this case i let my laptop run whole over the night. Indeed, there is a special reason why I'm using Acronis True Image Home 2009. I like very much Acronis True Image Home 2008 as well, as both versions may run in the background with deep priority and highest compression, and you can work without being disturbed. When there is no action on the computer, Acronis True Image Home 2009 and 2008 instantly take more recources on the CPU, and the backup-file will be done quicklier. This is extremely comfortable. Normally i make my daily backup-file by night when i'm in bed, but it occurs that i have to make one during daylight while i'm working. I have as well Acronis True Image Home 2006, 2007, 2010, 2011 and 2012. 2006 seems to be somehow outdated, and the 2010, 2011, and 2012-versions do not have any longer the nice behavour i was speaking of above. If you are using Internet Explorer for the dmp-download, you cannot click onto the filename in my server-website: you must copy and paste the URL into the browserfield. Then it works as well on Internet Explorer. Ah, i see now, it's loading with 50 KB/s, and you are downloading MEMORY-01.zip: This is the *.dmp-file with Spyshelter and Zemana, but without Malwarebytes. It says ~ "2h30m" downloadtime. MEMORY-02.zip contains Spyshelter and Zemana and Malwarebytes, as i described it above. Best regards

Salut Meinard, Today i remained and worked in WindowsXP with SpyShelter 5.40 premium and Zemana AntiLogger 1.9.2.819 without any Malwarebytes' Anti-Malware for more than 12 hours without any blue screen (BSOD) or dmp-file. This evening I installed Malwarebytes' Anti-Malware 1.60.0.1800. When installed, the program froze, i couldn't use the tabs. I wanted to move WindowsXP down, but this didn't work, so i had to hit the CLOSE-button. I restarted WindowsXP three times, but it didn't load all programs and froze, so i had to hit the CLOSE button again, as WindowsXP wouldn't go down in normal way. After having rebooted, this time there came up a blue screen (BSOD). I had to hit the CLOSE-button down, went into Safe mode, and cut/pasted the new MEMORY-02.DMP (= MEMORY-02.zip) and Mini011712-04.dmp from C: to D:. You will find them on my server, as well the BSOD-screenshot 201201171141.jpg. By Acronis True Image Home 2009 12.0.9769.15-backup, i went back to Malwarebytes' Anti-Malware 1.51.2.1300 with SpyShelter 5.40 premium - and all works fine again. Best regards

Salut Meinard ! All files are uploaded now. In the evening, i might continue installing Malwarebytes' Anti-Malware 1.60.0.1800 after having read your answer. mardi 17 janvier, 2012 - 14:51:16 Thank you

Salut Meinard ! This morning i started deleting Malwarebytes' Anti-Malware 1.51.2.1300 with that mbam-clean.exe.(66 kb). Unfortunately, that tool created a error, "Malwarebytes' Anti-Malware - Das system kann den angegebenen pfad nicht finden - The system cannot find the indicated path". Strange this. The tool asked me to shutdown the computer, and i did so. But it did not shutdown to the end, finally i had to push the button CLOSE on my machine. As the behaviour of mbam-clean.exe (66 ko) did not ensure me that much, i cleaned up with: - CCEnhancer 2.4 & CCleaner 3.12.1572 five times: Windows (3x), Applications (1x), Registry (1x) - TuneUp Utilities 2007 one time: RegistryCleaner - Auslogics BoostSpeed portable 5.1.1.0 twice: Disc cleaner, Registry cleaner - Ashampoo WinOptimizer 8.13 three times: Drive cleaner, Registry optimizer, Internet cleaner They found still traces of Malwarebytes' Anti-Malware 1.51.2.1300 and deleted them. As you wish a MEMORY.DMP of Malwarebytes' Anti-Malware 1.60.0.1800 with SpyShelter 5.40 premium and Zemana AntiLogger 1.9.2.819, I installed first Zemana AntiLogger 1.9.2.819 as it was not installed on the machine. I looked under System > Erweitert > Starten und wiederherstellen > Einstellungen and saw "Kleines speicherabbild (64 KB) - Small memory image (64 KB)". The installation of Zemana AntiLogger 1.9.2.819 must have changed this! So i rechanged to "Vollständiges speicherabbild [ ] Vorhandene dateien überschreiben - Complete memory image [ ] Overwrite existing files". The question in "Systemsteuerungsoption ''System - When the pagefile on drive C: has an initial size of less than 2037 MB, the system will perhaps not be able to save any debug-informations, if a "STOP"-error occurs. Nevertheless, do you want to continue the procedure?" I answered with Yes. I restarted WindowsXP SP3, and got a blue screen (BSOD), and got Mini011712-01.dmp (88 kb). I restarted WindowsXP SP3 new, and there was nothing of this. I restarted WindowsXP SP3, and got a blue screen (BSOD), and got Mini011712-02.dmp (88 kb). I restarted WindowsXP SP3, and got a blue screen (BSOD). I restarted WindowsXP SP3 new, and there was nothing of this. I restarted WindowsXP SP3, and got a blue screen (BSOD), and got Mini011712-03.dmp (64 kb). I restarted WindowsXP SP3, and got a blue screen (BSOD). And suddenly i saw on drive C: a MEMORY-01.DMP (2086128 kb) > but it is of 2012-01-12 04:12 ! I'm pretty sure this MEMORY-01.DMP (2086128 kb) is of today and not of 2012-01-12 04:12, as i do not trust Windows that much, and i have a good reason believing this: In the past, when making backups with Actually Acronis True Image Home 2009 12.0.9769.15, the filesize of those backups grew with the number of Windows system restore points which are saved on drive C:. When there was not enough space any more, all of the restore points have been deleted automatically, except the two last one. By this the size of C: went down, around 2 GB, and by this the size of a backup of Actually Acronis True Image Home 2009 12.0.9769.15 as well. Means: if there came in a new MEMORY.DMP, the filesize of a new Actually Acronis True Image Home 2009 12.0.9769.15-backup would have grown. But the size of the Actually Acronis True Image Home 2009 12.0.9769.15-backups did ot grow considerably since 2012-01-11. So the MEMORY.DMP must be made today 2012-01-17, right? The filesize of the last Acronis True Image Home 2009 12.0.9769.15-backup 1600_XPA_C_2012-01-17_03.12_b.tib, made last night, has 9238319 KB. I cut and pasted all dmp-files from C: to D: for having an idea which will be the size of a new Acronis True Image Home 2009 12.0.9769.15-backup (without MEMORY.DMP). This new Acronis True Image Home 2009 12.0.9769.15-backup 1600_XPA_C_2012-01-17_12.02_b.tib is actually running, including SpyShelter 5.40 premium and Zemana AntiLogger 1.9.2.819 - but no Malwarebytes' Anti-Malware at all. I'm not sure which one of SpyShelter 5.40 premium and Zemana AntiLogger 1.9.2.819 is creating those blue screens (BSOD) and Mini...........dmp, and i would like delete one of them, rather Zemana AntiLogger 1.9.2.819 because i did not get blues screens and Mini..........dmp with Malwarebytes' Anti-Malware 1.51.2.1300 and SpyShelter 5.40 premium. Let's say: I will already upload the files to my server, awaiting the end of creating Acronis True Image Home 2009 12.0.9769.15-backup 1600_XPA_C_2012-01-17_12.02_b.tib, and if there is no answer of you when Acronis True Image Home 2009 12.0.9769.15-backup 1600_XPA_C_2012-01-17_12.02_b.tib has finished, i will install Malwarebytes' Anti-Malware 1.60.0.1800. Acronis True Image Home 2009 12.0.9769.15-backup 1600_XPA_C_2012-01-17_12.02_b.tib has a size of 9 262 053 kb, so the MEMORY.DMP must be made today 2012-01-17, right? Please drop me a line before installing.

D'accord, Meinard. Actually Acronis True Image Home 2009 12.0.9769.15 is running the last backup before that action. Tomorrow i will use your mbam-clean.exe from http://www.malwareby...clean.exe , after that perform the installation of Malwarebytes' Anti-Malware 1.60.0.1800 with this setting (complete image), hoping that there will be a MEMORY.DMP - as i got already a Mini..........dmp although this setting was made. You will get my server-URL by private message. There will be no need to communicate me that the file has been successfully downloaded, as i see it here in the server-logfile. Thank you.

Edit: There are 4 possibilities installing Malwarebytes' Anti-Malware 1.60.0.1800. Besides, do you want me to uninstall first Malwarebytes' Anti-Malware 1.51.2.1300, and install Malwarebytes' Anti-Malware 1.60.0.1800 then, or installing Malwarebytes' Anti-Malware 1.60.0.1800 over the existing Malwarebytes' Anti-Malware 1.51.2.1300 ?

Sorry, what means "Yes please" ? I asked you "And with which other software? SpyShelter 5.40 premium and/or Zemana AntiLogger 1.9.2.819?" There are 4 possibilities Malwarebytes' Anti-Malware 1.60.0.1800: 1. Malwarebytes' Anti-Malware 1.60.0.1800 alone 2. Malwarebytes' Anti-Malware 1.60.0.1800 with SpyShelter 5.40 premium 3. Malwarebytes' Anti-Malware 1.60.0.1800 with Zemana AntiLogger 1.9.2.819 4. Malwarebytes' Anti-Malware 1.60.0.1800 with SpyShelter 5.40 premium and Zemana AntiLogger 1.9.2.819 Please tell me only one of the red numbers between 1 and 4 above. Thank you.

Here the screen shots of my thumb nails above in full size

The website of this thread has been changing URL and subject for the second time now. I get problems with my favourites. Well, i cannot say if i would get BSOD when Malwarebytes (version 1.51 or 1.60) is uninstalled, as it was always installed, and i never got BSOD before. Actually i run SpyShelter 5.40 premium and Malwarebytes' Anti-Malware 1.51.2.1300 and all is working really fine, and there are no BSOD at all. As i wrote above, i deleted the memory.dmp (2 086 128 kb) because it was to big. Do you want me to reinstall the Malwarebytes' Anti-Malware 1.60.0.1800 for getting BSOD? And with which other software? SpyShelter 5.40 premium and/or Zemana AntiLogger 1.9.2.819? I think most of the tests are already done, please look the history above. But it would still be possible to (first make a backup by Acronis True Image Home 2009 12.0.9769.15 and then) install / uninstall ..... ? Which program(s), please? Is a minidump-file (Mini..........dmp, 88 kb) enough? Or do you need a big memory.dmp of more than 2086 MB? I never uploaded such a huge file to MegaUpload or such websites. How do you think about downloading it from my private HFS webserver, http://www.rejetto.com/hfs/ which is normally running 16/24hours? Well, i have one of the fastest broadband internet connections that we can have here: 2561 MBit/s upload. Once, some time ago, 20 GB went out here in 16 hours, and that friend of mine who downloaded from my HFS-server has 32 000 MBit/s in download. Please tell me what i should fix in here (blue cases) +

Salut Meinard, salut Spec-V ! At the moment and like before, all works fine with SpyShelter 5.40 premium and Malwarebytes' Anti-Malware 1.51.2.1300. The other program / version Zemana AntiLogger 1.9.2.819 and Malwarebytes' Anti-Malware 1.60.0.1800 seem to be "bad".