www.MegaLab.it

[choco571]

Ho trovato il seguente file "drvnnrmh.exe" nel task manager con nome utente SYSTEM.
Essendo un nuovo file l'ho bloccato cambiandogli il nome.
Se qualcuno mi sa dire che cos'è, se percaso viene dall'ultimo aggiornamento di WinXP prodotto ieri o è un file che mi potrebbe dare fastidi...

P.S.: gli antivirus non me lo hanno segnalato e uso Fire Fox (se può servire)

GRAZIE

[crazy.cat]

Probabile schifezza, fallo analizzare da virustotal
http://www.MegaLab.it/2425

[choco571]

Questo è il risultato:

Devo confermare i miei test, comunque dopo aver riavviato (quando l'ho bloccato) l'interfaccia grafica di alcune finestre (x es. quella del Task Manager) erano tornate allo stato di Win2k
Vedendo il mio sistema instabile ho pensato di riabilitarlo...cosa mi consigliate dopo aver visto il risultato della scansione?

[Amantide]

Posta un log di Hijackthis.

[choco571]

Logfile of HijackThis v1.99.1
Scan saved at 15.44.57, on 05/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
C:\MMaestro\BWheel35.exe
C:\Programmi\Garzanti Linguistica\Hazon Clic\Hazon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\BitTorrent\bittorrent.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Mastronardi\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LWBMOUSE] C:\MMaestro\BWheel35.exe
O4 - HKLM\..\Run: [HAZON CLIC] C:\Programmi\Garzanti Linguistica\Hazon Clic\Hazon.exe -I
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programmi\Corel\Corel Graphics 12\Languages\IT\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041807 serial=DR12WEX-1504397-KTY lang=IT
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: @C:\Programmi\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programmi\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.alice.it
O15 - Trusted Zone: http://*.alicemessenger.alice.it
O15 - Trusted Zone: http://*.messenger-wizard.rossoalice.alice.it
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mgros1987.spaces.live.com//Photo ... nPUpld.cab
O16 - DPF: {5AF01DCD-8539-4814-9693-ADF47058F075} (ReportReader Class) - http://aiuto.alice.it/ata/static/instal ... _4-1-4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE6D25E0-5B94-46D2-8D2C-F2174088F3AC}: NameServer = 85.37.17.49 85.38.28.91
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
O23 - Service: DirectX Service (DirectKasw) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe

[Amantide]

Scarica SDFix e cliccaci sopra. Verrà creata la cartella C:\SDFix.
- riavvia il pc in modalità provvisoria (F8 all'avvio);
- apri la cartella C:\SDFix e fai il doppio click su RunThis.bat per avviare il tool;
- digiti Y e premi Invio;
- quando verrà richiesto premi un tasto qualsiasi per riavviare il sistema ed effettuare la pulizia delle voci trovate;
- al riavvio del pc aspetta l'apparizione del messaggio Finished;
- premi un tasto qualsiasi per terminare l'operazione.
Alla fine posta qui il contenuto del log che troverai in C:\SDFix\report.txt

[choco571]

Ecco qui:


SDFix: Version 1.76

Run by Administrator - 05/04/2007 - 16.10.31,90

Microsoft Windows XP [Versione 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Client IP-IPX
DirectKasw

ImagePath:
"" -e te-110-12-0000073
c:\windows\system32\directx.exe

Client IP-IPX Deleted
DirectKasw Deleted


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...




ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Programmi\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Programmi\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Programmi\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Programmi\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Programmi\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Programmi\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Programmi\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\Programmi\\BitTorrent\\bittorrent.exe"="C:\\Programmi\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Programmi\\Autodesk\\3dsMax8\\3dsmax.exe"="C:\\Programmi\\Autodesk\\3dsMax8\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8"
"C:\\Programmi\\Autodesk\\backburner\\monitor.exe"="C:\\Programmi\\Autodesk\\backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Programmi\\Autodesk\\backburner\\manager.exe"="C:\\Programmi\\Autodesk\\backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Programmi\\Autodesk\\backburner\\server.exe"="C:\\Programmi\\Autodesk\\backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Programmi\\LimeWire\\LimeWire.exe"="C:\\Programmi\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\$NtUninstallKB900485$\\IEXPLORE.EXE"="C:\\WINDOWS\\$NtUninstallKB900485$\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Programmi\\MSN Messenger\\msncall.exe"="C:\\Programmi\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programmi\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Programmi\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"
"C:\\Programmi\\Grisoft\\AVG Free\\avginet.exe"="C:\\Programmi\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Programmi\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Programmi\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Programmi\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Programmi\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Programmi\\Messenger\\Msmsgs.exe"="C:\\Programmi\\Messenger\\Msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmi\\MSN Messenger\\livecall.exe"="C:\\Programmi\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Mastronardi\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Mastronardi\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Programmi\\uTorrent\\utorrent.exe"="C:\\Programmi\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Programmi\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Programmi\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\\Programmi\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Programmi\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\\Programmi\\Skype\\Phone\\Skype.exe"="C:\\Programmi\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\$NtUninstallKB900485$\\IEXPLORE.EXE"="C:\\WINDOWS\\$NtUninstallKB900485$\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Programmi\\MSN Messenger\\msncall.exe"="C:\\Programmi\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmi\\MSN Messenger\\livecall.exe"="C:\\Programmi\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------


Checking For Files with Hidden Attributes :

C:\Programmi\Autodesk\Autodesk DWF Viewer\_Setup.dll
C:\Programmi\Autodesk\Autodesk DWF Viewer\_Setupx.dll
C:\Documents and Settings\Mastronardi\Documenti\NeroStartSmart.exe
C:\Programmi\Autodesk\Autodesk DWF Viewer\Setup.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d46cb2efafd05d59f435c6e637979ffc\BIT94.tmp

Finished

P.S.: non ho avviato Catchme.exe come richiesto...dovrei?

[Amantide]

P.S.: non ho avviato Catchme.exe come richiesto...dovrei?

No, questo no. Avevi qualche residuo di Sdbot nel pc ed è per questo che ti ho fatto usare SDfix.

Ora per sicurezza scarica ed avvia Systemscan, spunta tutte le voci e clicca su Scan Now. A scansione terminata trova in C:\suspectfile il file report.txt, comprimilo in un archivio rar o zip ed allegalo qui come un ALLEGATO.

[choco571]

Il programma non mi permetteva di attivare 2 voci:
-extended (only XP-SP2)
-Include Hijackthis log

Il secondo penso non faccia differenza, ma il primo...

comunque ho caricato il report in un file .rar come richiesto

Grazie per l'assistenza

[Amantide]

Abilita la visualizzazione dei file nascosti (apri una cartella qualsiasi, vai su Strumenti--> Opzioni cartella--> Visualizzazione e spunta Visualizza file e cartelle nascosti), trova ed elimina questi file:

C:\Programmi\File comuni\{348053BB-0BC2-1040-0926-040916040027}\Update.exe
c:\windows\system32\drvnnrmh.exe


Questi 2 invece carica su www.virustotal.com per vedere di cosa si tratta:
C:\WINDOWS\SYSTEM32\AUTHDVD.DLL
C:\WINDOWS\SYSTEM32\DPRSX.DLL

[choco571]

C:\Programmi\File comuni\{348053BB-0BC2-1040-0926-040916040027}\Update.exe

Il file non era presente, ho cancellato comunque la cartella

c:\windows\system32\drvnnrmh.exe

Eliminato

Scansioni:

C:\WINDOWS\SYSTEM32\AUTHDVD.DLL

C:\WINDOWS\SYSTEM32\DPRSX.DLL

[Amantide]

C:\Programmi\File comuni\{348053BB-0BC2-1040-0926-040916040027}\Update.exe

Il file non era presente, ho cancellato comunque la cartella

Forse perché il file aveva gli attributi di file nascosto e si doveva abilitare la visualizzazione dei file e cartelle nascosti.

Altri due file sono "buoni".

[choco571]

Forse perché il file aveva gli attributi di file nascosto e si doveva abilitare la visualizzazione dei file e cartelle nascosti.

Ti assicuro di averlo abilitato, ho molti file nascosti nell'HD e so bene come si usa quella caratteristica, pensa che per essere sicuro ho attivato anche la visualizzazione dei file di sistema!
La cartella risultava vuota., l'ho cancellata se no te ne facevo una immagine con le impostazioni attivate...

comunque sia: GRAZIE 100000....PER L'AIUTO!!!!!