Svchost eats memory - Free Antivirus Forum

Svchost eats memory

BullGuard Antivirus Forum > Bullguard zone > BullGuard Customers > Svchost eats memory

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

patmat
New Member

Date Joined Aug 2008
Total Posts : 2

Posted 8-22-2008 12:57 (GMT +1)

Hi! First, I'm from italy, and my english is very poor, I know... I'll try to be as clear as I can, please forgive me for my mistakes!

My problem is that sometimes, my pc slow down like it stops: when it happens, and I look at taskmanager with cntr+alt+canc, Always I see lots of "svchost" running, and always one of those, ir running eating all my cpu. Usually it takes few minutes to return at a normal function. My question is: Why installing windows, I got only one svchost, but after some period I find lots of them??? An how can I know, at what program every single svchost is related??? How can I be sure, there's not any spyware, who starts running, slowling down my pc? I mean... sometimes it happens, without I got opened any program working... I regularly start bullguard scan, spybot scan, and registry booster application, but it seems nothing works bad in pc....

I post a log of hijackthis, just done few minutes ago...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.47.03, on 22/08/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\ContentWatch\Internet Protection\cwsvc.exe
C:\Programmi\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Programmi\ContentWatch\Internet Protection\cwtray.exe
C:\Programmi\BullGuard Ltd\BullGuard\bullguard.exe
C:\Programmi\Opera\opera.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [cwcptray] C:\Programmi\ContentWatch\Internet Protection\cwtray.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Programmi\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [BullGuard] "C:\Programmi\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - Startup: Banshee Screamer Alarm.lnk.disabled
O4 - Startup: eMule AdunanzA.lnk = C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe
O4 - Startup: OpenOffice.org 2.4.lnk.disabled
O4 - Startup: Pidgin.lnk.disabled
O4 - Global Startup: VersionTrackerPro.lnk.disabled
O9 - Extra button: Related - -{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - -{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cwalsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212252400937
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Programmi\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Programmi\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Programmi\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

--
End of file - 4080 bytes

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13812

Posted 8-22-2008 1:24 (GMT +1)

Hello in Italy smile

Here is a description of svchost.exe ->
http://support.microsoft.com/kb/314056/it

I´ll suggest you run one more scan -

Please download Malwarebytes' Anti-Malware:

http://www.besttechie.net/tools/mbam-setup.exe

to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch

Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and Paste that log into your next reply, along with the latest Bullguard scan log log.

NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

patmat
New Member

Date Joined Aug 2008
Total Posts : 2

Posted 8-23-2008 3:24 (GMT +1)

OK, I done.... now, I.m posting the two logs:

MALWAREBYTES:
Malwarebytes' Anti-Malware 1.25
Versione del database: 1076
Windows 5.0.2195 Service Pack 4

15.49.24 22/08/2008
mbam-log-08-22-2008 (15-49-24).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|G:\|H:\|)
Elementi scansionati: 155871
Tempo trascorso: 1 hour(s), 9 minute(s), 45 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

BULLGUARD:
___________________________________________________________

BullGuard Scan Report
Scan Profile: "Risorse del computer"
___________________________________________________________

----[ System Info ]------------

OS Version: Microsoft Windows 2000 Professional - Service Pack 4 (Build 2195) [1 * x86 CPUs]
Physical memory: 1024 MB
System up-time: 0 days, 04 hours, 48 minutes, 06 seconds
BullGuard up-time: 0 days, 04 hours, 46 minutes, 35 seconds
TopLayer Version: 8, 0, 0, 7
FileSpy5 Version: N/A
BdFileSpy Version: N/A
BsFileScan Version: 8, 0, 0, 57
Reconn Version: N/A
MailProxy Version: 8, 0, 0, 17
AntiVirus Version: 8, 0, 0, 46

----[ Scan Parameters ]------------

Folders to scan:
C:\
D:\
E:\
F:\
G:\
H:\

Excluded folders:
None

Files to scan:
None

Scan type:
[o] Scan all files
[ ] Scan program files only
[ ] Scan custom extensions:

[X] Exclude user extensions: lnk

[X] Scan boot sectors
[X] Scan packed files
[X] Scan archives
[X] Scan emails
[X] Scan running processes
[X] Scan registry
[X] Scan IE cookies
[X] Enable heuristic detection

[ ] Scan default action
___________________________________________________________

Scan Statistics
___________________________________________________________

Scan started: Friday, August 22, 2008 17:05:26
Scan duration: 0 days, 01 hours, 15 minutes, 23 seconds
Completion status: Successful

Total files scanned: 456533
Total files skipped: 136
Identified viruses: 1
Scan speed: 100.94 files/sec

Files skipped:
C:\Avenger\backup.zip=>avenger/avenger.txt [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=>RELATED.HTM [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\AlexaRelated1.zip=>RELATED.HTM [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\AlexaRelated1.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Brokenlink.zip=>MalwareBite's.lnk [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Brokenlink.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata1.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata1.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata10.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata10.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata11.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata11.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata12.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata12.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata2.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata2.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata3.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata3.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata4.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata4.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata5.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata5.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata6.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata6.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata7.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata7.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata8.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata8.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata9.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Cartellaprogrammaerrata9.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\CommonDialogs.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\CommonDialogs.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\CommonDialogs1.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\CommonDialogs1.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante1.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante1.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante10.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante10.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante11.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante11.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante12.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante12.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante13.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante13.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante14.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante14.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante15.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante15.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante16.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante16.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante17.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante17.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante18.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante18.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante19.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante19.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante2.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante2.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante20.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante20.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante21.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante21.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante22.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante22.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante23.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante23.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante24.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante24.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante25.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante25.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante26.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante26.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante27.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante27.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante28.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante28.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante29.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante29.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante3.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante3.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante30.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante30.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante31.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante31.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante32.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante32.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante33.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante33.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante34.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante34.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante35.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante35.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante4.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante4.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante5.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante5.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante6.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante6.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante7.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante7.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante8.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante8.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante9.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\DLLcondivisamancante9.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterRegistryTools.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterRegistryTools.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\patrick\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat [Open Failed]
C:\Documents and Settings\patrick\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG [Open Failed]
C:\Documents and Settings\patrick\NTUSER.DAT [Open Failed]
C:\Documents and Settings\patrick\ntuser.dat.LOG [Open Failed]
C:\WINNT\system32\config\default [Open Failed]
C:\WINNT\system32\config\default.LOG [Open Failed]
C:\WINNT\system32\config\SAM [Open Failed]
C:\WINNT\system32\config\SAM.LOG [Open Failed]
C:\WINNT\system32\config\SECURITY [Open Failed]
C:\WINNT\system32\config\SECURITY.LOG [Open Failed]
C:\WINNT\system32\config\software [Open Failed]
C:\WINNT\system32\config\software.LOG [Open Failed]
C:\WINNT\system32\config\system [Open Failed]
C:\WINNT\system32\config\SYSTEM.ALT [Open Failed]
C:\WINNT\system32\Perflib_Perfdata_338.dat [Open Failed]
E:\ [Open Failed]

___________________________________________________________

Infected Files
___________________________________________________________

----[ Infected Cookies ]------------

Malware: Cookie.ATDMT
<System>=>C:\Documents and Settings\patrick\Cookies\patrick@atdmt.txt

___________________________________________________________

Results after ROUND 0
___________________________________________________________

Scan started: Friday, August 22, 2008 15:50:03
Scan duration: 0 days, 01 hours, 15 minutes, 23 seconds
Infections solved: 0
Infections left: 1
Viruses left: 1

----[ Cookies Still Infected ]------------

Malware: Cookie.ATDMT
<System>=>C:\Documents and Settings\patrick\Cookies\patrick@atdmt.txt

___________________________________________________________

Results after ROUND 1
___________________________________________________________

Scan started: Saturday, August 23, 2008 04:20:52
Scan duration: 0 days, 00 hours, 00 minutes, 00 seconds
Infections solved: 1
Infections left: 0
Viruses left: 0

----[ Cookies Solved ]------------

Malware: Cookie.ATDMT
Status: Deleted
<System>=>C:\Documents and Settings\patrick\Cookies\patrick@atdmt.txt

Forum Information

Currently it is Tuesday, December 02, 2008 1:30 PM (GMT +1)
There are a total of 64.503 posts in 15.908 threads.
In the last 3 days there were 18 new threads and 106 reply posts. View Active Threads