THANKS FOR THE HELP SO FAR, I HAVEN'T GONE ELSEWHERE TO TAKE CARE OF THIS, HOPING THE PATIENCE WILL PAY OFF AT THE END!!
SORRY SOME OF THE EWIDO IS IN ITALIAN (PULITO MEANS CLEANED), THE SYSTEM SOFTWARE IS TOO.
THE REPORTS ARE IN THE FOLLOWING ORDER:
EWIDO
TREND MICRO
HIJACKTHIS
HERE THEY ARE:
ewido security suite - Rapporto Scansione
---------------------------------------------------------
+ Creato il: 1:27:34, 28/07/2005
+ Report-Checksum: C2811356
+ Risultati scansione:
HKLM\SOFTWARE\Classes\CLSID\{01FB9C55-FC66-4476-A199-389241193188} -> Spyware.WurldMedia : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01FB9C55-FC66-4476-A199-389241193188} -> Spyware.WurldMedia : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\en16832@2o7[2].txt -> Spyware.Cookie.2o7 : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\en16832@adtech[2].txt -> Spyware.Cookie.Adtech : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\en16832@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\en16832@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\en16832@centrport[2].txt -> Spyware.Cookie.Centrport : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][1].txt -> Spyware.Cookie.Bridgetrack : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Sexcounter : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\en16832@fastclick[2].txt -> Spyware.Cookie.Fastclick : Pulito con Backup
C:\Documents and Settings\en16832\Cookies\en16832@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Pulito con Backup
::Fine Rapporto
TREND MICRO REPORT:
Virus Scan 0 virus cleaned, 0 virus deleted
Results:
We have detected 1 infected file(s) with 1 virus(es) on your computer. Only 0 out of 0 infected files are displayed:
- 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 0 virus(es) deleted, 1 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected File Associated Virus Name Action Taken
C:\WINNT\system32\wininet.dll TSPY_ALEMOD.A Undeletable
Trojan/Worm Check 0 worm/Trojan horse deleted
What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed:
- 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable
Trojan/Worm Name Trojan/Worm Type Action Taken
Spyware Check 2 spyware programs removed
What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 20 spyware(s) on your computer. Only 0 out of 0 spywares are displayed:
- 18 spyware(s) passed, 0 spyware(s) no action available
- 2 spyware(s) removed, 0 spyware(s) unremovable
Spyware Name Spyware Type Action Taken
COOKIE_45 Cookie Pass
COOKIE_146 Cookie Pass
COOKIE_238 Cookie Pass
COOKIE_442 Cookie Pass
COOKIE_592 Cookie Pass
COOKIE_611 Cookie Pass
COOKIE_722 Cookie Pass
COOKIE_756 Cookie Pass
COOKIE_1198 Cookie Pass
COOKIE_1543 Cookie Pass
COOKIE_1738 Cookie Pass
COOKIE_2136 Cookie Pass
COOKIE_2250 Cookie Pass
COOKIE_2281 Cookie Pass
COOKIE_2411 Cookie Pass
COOKIE_2921 Cookie Pass
COOKIE_3201 Cookie Pass
DIAL_SGRUNT.A Dialer Removal successful
SPYW_PPNETWORK.B Spyware Removal successful
COOKIE_3235 Cookie Pass
Microsoft Vulnerability Check 19 vulnerabilities detected
What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 19 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix
Critical This vulnerability allows local users to gain system privileges by duplicating a handle to a privileged process. This is due to Windows NT and Windows 2000's debugging subsystem, which does not properly authenticate programs that connect to other programs. MS02-024
Critical This vulnerability allows an attacker to cause a denial of service attack to a target server machine. This is caused by a buffer overflow in SMB protocol in Microsoft Windows NT, Windows 2000, and Windows XP. MS02-045
Highly Critical This vulnerability enables local users to execute arbitrary code through an RPC call. This is caused by a buffer overflow in the RPC Locator service for Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP. MS03-001
Highly Critical This vulnerability enables a remote attacker to execute arbitrary code through a WebDAV request to IIS 5.0. This is caused by a buffer overflow in NTDLL.DLL on Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP. MS03-007
Highly Critical This vulnerability enables a remote attacker to execute any file that can be rendered as text, and be opened as part of a page in Internet Explorer. MS03-014
Critical This vulnerability enables a remote attacker to cause a denial of service and execute arbitrary code through a specially formed web page or HTML e-mail. This is caused by a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. MS03-023
Critical This vulnerability allows a remote attacker to execute arbitrary code without user approval. This is caused by the authenticode capability in Microsoft Windows NT through Server 2003 not prompting the user to download and install ActiveX controls when system is low on memory. MS03-041
Critical This vulnerability allows a remote attacker to execute arbitrary code on the affected system. This is caused of a buffer overflow in the Messenger Service for Windows NT through Server 2003. MS03-043
Important This vulnerability is due to a buffer overrun in the ListBox and ComboBox controls found in User32.dll. Any program that implements the ListBox control or the ComboBox control could allow arbitrary code to be executed at the same privilege level. This vulnerability cannot be exploited remotely. MS03-045
Highly Critical The LSASS vulnerability is a buffer overrun vulnerability allows remote code execution.;The LDAP vulnerability is a denial of service (DoS) vulnerability that causes the service in a Windows 2000 domain controller responsible for authenticating users in an Active Directory domain to stop responding.;The PCT vulnerability is a buffer overrun vulnerability in the Private Communications Transport (PCT) protocol, a part of the SSL library, that allows remote code execution.;The Winlogon vulnerability is a buffer overrun vulnerability in the Windows logon process (winlogon) that allows remote code execution.;The Metafile vulnerability is a buffer overrun vulnerability that exists in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats.;The Help and Support Center vulnerability allows remote code execution and is due to the way Help and Support Center handles HCP URL validation.;The Utility Manager vulnerability is a privilege elevation vulnerability that exists due to the way that Utility Manager launches applications.;The Windows Management vulnerability is a privilege elevation vulnerability that when successfully exploited allows a local attacker to take complete control of a system by executing commands at the system privilege level.;The Local Descriptor Table vulnerability is a privilege elevation vulnerability that when successfully exploited allows a local attacker to take complete control of a system by executing commands at with system privileges.;The H.323 vulnerability is a buffer overrun vulnerability that when successfully exploited can allows attackers to gain full control of a system by arbitrarily executing commands with system privileges.;Virtual DOS Machine vulnerability is a privilege elevation vulnerability that when successfully exploited allows a local attacker to gain full control of a system by executing commands with system privileges.;The Negotiate SSP vulnerability is a buffer overrun vulnerability that exists in Microsoft's Negotiate Security Service Provider (SSP) interface and allows remote code execution.;The SSL vulnerability exists due to the way SSL packets are handled and can causes the affected systems to stop responding to SSL connection requests.;The ASN.1 'Double-Free' vulnerability exists in Microsoft's Abstract Syntax Notation One (ASN.1) Library and allows remote code execution at the system privilege level. MS04-011
Critical The RPC Runtime Library vulnerability is a remote code execution vulnerability that results from a race condition when the RPC Runtime Library processes specially crafted messages. An attacker who successfully exploits this vulnerability could take complete control of an affected system.;The RPCSS Service denial of service (DoS) vulnerability allows a malicious user or malware to send specially-crafted messages to a vulnerable system, which causes the RPCSS Service to stop responding.;The RPC Over HTTP vulnerability may be used to launch a denial of service (DoS) attack against a system with CIS or RPC over HTTP Proxy enabled.;When successfully exploited, the Object Identity vulnerability allows an attacker to force currently running applications to open network communication ports, thereby opening a system to remote attacks. MS04-012
Critical The MHTML URL Processing Vulnerability allows remote attackers to bypass domain restrictions and execute arbitrary code via script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers.This could allow an attacker to take complete control of an affected system. MS04-013
Moderate This is a denial of service (DoS) vulnerability. It affects applications that implement the IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay. Applications that use this API are typically network-based multiplayer games.;An attacker who successfully exploits this vulnerability could cause the DirectX application to fail while a user is playing a game. The affected user would then have to restart the application. MS04-016
Moderate A denial of service (DoS) vulnerability exists in Outlook Express that could cause the said program to fail. The malformed email should be removed before restarting Outlook Express in order to regain its normal operation. MS04-018
Critical This vulnerability lies in an unchecked buffer within the Task Scheduler component. When exploited, it allows the attacker to execute arbitrary code on the affected machine with the same privileges as the currently logged on user. MS04-022
Critical An attacker who successfully exploits this vulnerability could gain the same privileges as that of the currently logged on user. If the user is logged in with administrative privileges, the attacker could take complete control of the system. User accounts with fewer privileges are at less risk than users with administrative privileges. MS04-023
Critical The Navigation Method Cross-Domain Vulnerability is a remote execution vulnerability that exists in Internet Explorer because of the way that it handles navigation methods. An attacker could exploit this vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visits a malicious Web site.;The Malformed BMP File Buffer Overrun Vulnerability exists in the processing of BMP image file formats that could allow remote code execution on an affected system.;The Malformed GIF File Double Free Vulnerability is a buffer overrun vulnerability that exists in the processing of GIF image file formats that could allow remote code execution on an affected system. MS04-025
Critical This vulnerability lies in the way the affected components process JPEG image files. An unchecked buffer within this process is the cause of the vulnerability.;This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute arbitrary code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes. MS04-028
Critical This security update addresses and resolves a vulnerability in Internet Explorer that could allow remote code execution. A Web page can be crafted to exploit this vulnerability such that an arbitrary application can be executed on visiting systems with the same priviledge as the currently logged on user. MS04-040
HIJACK THIS REPORT NUMBER 2:
Logfile of HijackThis v1.99.1
Scan saved at 2:01:58, on 28/07/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
c:\winnt\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Programmi\Network Associates\VirusScan\Avsynmgr.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
C:\Programmi\Citrix\ICA Client\ssonsvr.exe
C:\Programmi\Network Associates\VirusScan\VsStat.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Network Associates\VirusScan\Vshwin32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Host Integration Server\system\ddmserv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Programmi\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\System32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINNT\System32\ctfmon.exe
C:\Programmi\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmi\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programmi\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\Documents and Settings\en16832\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qing.com/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Programmi\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Programmi\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Programmi\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSGuard] C:\Programmi\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PGPtray.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Viewpoint Search - res://C:\Programmi\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programmi\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\APPL\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\APPL\Yahoo!\MESSEN~1\YPager.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eni.pri
O17 - HKLM\System\CCS\Services\Tcpip\..\{60186554-E192-4F7E-AE52-05F8B87D3867}: NameServer = 213.205.32.70,213.205.36.70
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eni.pri
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eni.pri
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Programmi\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Controllo esteso sistema (ctless) - Unknown owner - C:\WINNT\downlo~1\dzc0ztp\429u5qo.exe (file missing)
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: McShield - Unknown owner - C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - c:\programmi\oracle\Ora81\BIN\ONRSD.EXE