panda detect a large collection.
In this format (as a copy paste) the panda report is not so easy to read.
I did not delete anything, waiting ror your reply.
I run HijackThis while connected on internet, so I have th O17....
Thank you
*******************************************************************
Incident Status Location
Adware:adware/cws.searchmeup Reported C:\WINNT\INETDATA\services.exe
Spyware:spyware/wareout Reported C:\WINNT\SYSTEM32\loadctr32.exe
Adware:adware/virmaid Reported C:\WINNT\SYSTEM32\perfcii.ini
Adware:adware/superspider Reported C:\WINNT\SYSTEM32\system32.dll
Adware:adware/spysheriff Reported C:\WINNT\SYSTEM32\thn.dll
Dialer:dialer.xd Reported C:\WINNT\SYSTEM32\vbsys2.dll
Adware:adware/adsmart Reported C:\WINNT\SYSTEM32\vxgamet2.exe
Dialer:dialer.akd Reported C:\WINNT\Preferiti\explorer.lnk
Adware:adware/cws Reported C:\WINNT\Preferiti\Online Sex Poker Rooms.url
Adware:adware/sbsoft Reported C:\WINNT\rdt.ini
Adware:adware/cws.yexe Reported C:\WINNT\inetdata
Adware:adware/hotoffers Reported Windows Registry
Spyware:Cookie/Doubleclick Reported C:\Documents and Settings\fulvio\Cookies\fulvio@doubleclick[1].txt
Adware:Adware/RazeSpyware Reported C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\OVS78VIB\load01[1].exe
Spyware:Cookie/Doubleclick Reported C:\Documents and Settings\fulvio\Cookies\fulvio@doubleclick[1].txt
Dialer:Dialer.ABR Reported C:\Documents and Settings\fulvio\Desktop\backups\backup-20051020-105855-707.inf
Adware:Adware/PurityScan Reported C:\Documents and Settings\fulvio\Desktop\backups\backup-20051020-105856-666.inf
Dialer:Dialer.NQ Reported C:\WINNT\Downloaded Program Files\CONFLICT.1\d_alexxx.exe
Dialer:Dialer.NQ Reported C:\WINNT\Downloaded Program Files\d_alexxx.exe
Adware:Adware/Popuper Reported C:\WINNT\popuper.exe
Adware:Adware/RazeSpyware Reported C:\WINNT\system32\43863111.exe
Virus:Trj/Downloader.FFZ Reported C:\WINNT\system32\cscxa.exe
Virus:Trj/Qhost.gen Reported C:\WINNT\system32\drivers\etc\1.hosts
Virus:Trj/Qhost.gen Reported C:\WINNT\system32\drivers\etc\2.hosts
Virus:Trj/Qhost.gen Reported C:\WINNT\system32\drivers\etc\3.hosts
Adware:Adware/QuickWeb Reported C:\WINNT\system32\hlmicro.exe
Adware:Adware/QuickWeb Reported C:\WINNT\system32\ntfsnlpa.exe
Spyware:Spyware/AdClicker Reported C:\WINNT\system32\vbsys2.dll
Virus:Trj/Lowzones.FO Reported C:\WINNT\system32\vxgamet2.exe
Virus:W32/Sober.I.worm Reported [mchr19115.zip][message_text.txt .pif]
***********************************************************
Logfile of HijackThis v1.99.1
Scan saved at 12:12:12, on 22/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\typ3pcp\bin\bnfsserv.exe
C:\WINNT\system32\crypserv.exe
C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
C:\WINNT\system32\Hummbird\inetd32.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\netdde.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\OpcEnum.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Siemens\Common\S7IEPG\s7oiehsx.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Iomega\AutoDisk\ADService.exe
C:\Siemens\Common\sws\almsrv\almsrvx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmi\Iomega\AutoDisk\ADUserMon.exe
C:\WINNT\slrundll.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe
R3 - Default URLSearchHook is missing
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programmi\IrfanView\Ebay\Ebay.htm
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5...m::/painter.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...RdxIE601_it.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8534CA47-B7DA-452C-A8D1-EE7B24FA3BD3}: NameServer = 151.99.125.2 151.99.125.3
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Siemens\Common\sws\almsrv\almsrvx.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Bosch NFS Server (BoschNFSServer) - Bosch Rexroth AG BRC/ESM11 - C:\typ3pcp\bin\bnfsserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Programmi\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
O23 - Service: HCLInetd - Hummingbird Communications Ltd. - C:\WINNT\system32\Hummbird\inetd32.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINNT\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Siemens\Common\S7IEPG\s7oiehsx.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programmi\Iomega\AutoDisk\ADService.exe