www.MegaLab.it

[teppa]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19.52.29, on 05/11/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\DivX\DivX Update\DivXUpdate.exe
C:\PROGRA~1\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Programmi\File comuni\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\cacaoweb\cacaoweb.exe
C:\Programmi\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Application Updater\ApplicationUpdater.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Lord\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lord\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lord\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lord\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lord\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\File comuni\Java\Java Update\jucheck.exe
C:\Documents and Settings\Lord\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss ... 221575260e
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=94d73e1b00000000000000221575260e&tlver=1.4.19.19&affID=17160
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programmi\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programmi\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
O4 - HKLM\..\Run: [facemoods] "C:\Programmi\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [SearchSettings] "C:\Programmi\File comuni\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lord\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cacaoweb] "C:\Programmi\cacaoweb\cacaoweb.exe" -noplayer
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Programmi\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [{D64B4C98-40F1-4EAA-D9A0-25EEF5D0507E}] "C:\Documents and Settings\Lord\Dati applicazioni\Ubwae\etti.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: c:\progra~1\windows ilivid toolbar\datamngr\datamngr.dll c:\progra~1\windows ilivid toolbar\datamngr\iebho.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10397 bytes

[hashcat]

Devi fixare questi elementi:

Codice: Seleziona tutto

C:\PROGRA~1\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Programmi\File comuni\Spigot\Search Settings\SearchSettings.exe
C:\Programmi\Application Updater\ApplicationUpdater.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss ... 221575260e
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=94d73e1b000000000 00000221575260e&tlver=1.4.19.19&affID=17160
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
O4 - HKLM\..\Run: [SearchSettings] "C:\Programmi\File comuni\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [{D64B4C98-40F1-4EAA-D9A0-25EEF5D0507E}] "C:\Documents and Settings\Lord\Dati applicazioni\Ubwae\etti.exe"
O20 - AppInit_DLLs: c:\progra~1\windows ilivid toolbar\datamngr\datamngr.dll c:\progra~1\windows ilivid toolbar\datamngr\iebho.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe

Sul tuo computer è presente il PUP (Programma Potenzialmente Indesiderato) Spygot, è caldamente consigliata una scansione completa con Malwarebytes.

Per fare una veloce pulizia

[hashcat]

Utilizza The Avenger 2:

1. Scarica The Avenger 2 da qui
2. Eseguilo
3. Deseleziona l'opzione Scan for rootkits
   Inserisci il seguente script nella casella di testo
   Premi Execute
   
   

   Codice: Seleziona tutto

   Folders to delete:
C:\Programmi\File comuni\Spigot\
C:\Programmi\Application Updater\
C:\Programmi\pdfforge Toolbar\
C:\Documents and Settings\Lord\Dati applicazioni\Ubwae\
C:\Program Files\Windows iLivid Toolbar\

   
   
4. Autorizza The Avenger 2 a riavviare il computer
5. Inserisci nel prossimo messaggio il log generato da The Avenger 2 (C:\Avenger.txt)

Ti suggerisco caldamente di aggiornare Windows al Service Pack 3

[teppa]

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versione database: 8097

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

06/11/2011 18.09.39
mbam-log-2011-11-06 (18-09-39).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 326810
Tempo impiegato: 50 minuti, 29 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 1
Chiavi di registro infette: 1
Valori di registro infetti: 3
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 17

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
c:\programmi\file comuni\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FX - AVI Converter (Adware.Agent) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMMI\FILE COMUNI\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{D64B4C98-40F1-4EAA-D9A0-25EEF5D0507E} (Trojan.ZbotR.Gen) -> Value: {D64B4C98-40F1-4EAA-D9A0-25EEF5D0507E} -> Delete on reboot.

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
c:\programmi\file comuni\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.
c:\documents and settings\Lord\documenti\Download\aviconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lord\documenti\Download\facemoods.exe (Adware.InstallCore) -> Quarantined and deleted successfully.
c:\documents and settings\Lord\impostazioni locali\Temp\cacaonew23c4a7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lord\impostazioni locali\Temp\cacaonew95eaa7.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Lord\impostazioni locali\Temp\icreinstall\aviconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lord\impostazioni locali\Temp\icreinstall\facemoods.exe (Adware.InstallCore) -> Quarantined and deleted successfully.
c:\programmi\alcohol soft\alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Quarantined and deleted successfully.
c:\programmi\file comuni\Spigot\wtxpcom\components\widgitoolbarff.dll.5 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\programmi\file comuni\Spigot\wtxpcom\components\widgitoolbarff.dll.6 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\programmi\file comuni\Spigot\wtxpcom\components\widgitoolbarff.dll.7 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\programmi\file comuni\Spigot\wtxpcom\components\widgitoolbarff.dll.8 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\programmi\foxtabaviconverter\uninstall\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{602a5ea5-2655-4b5e-b0bc-d44446a7bc58}\RP165\A0080712.old (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{602a5ea5-2655-4b5e-b0bc-d44446a7bc58}\RP168\A0084194.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
d:\system volume information\_restore{b9530283-e746-428a-8da8-55bd1faa2dfb}\RP160\A0047381.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Lord\dati applicazioni\Ubwae\etti.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

[teppa]

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder "C:\Programmi\File comuni\Spigot" deleted successfully.
Folder "C:\Programmi\Application Updater" deleted successfully.
Folder "C:\Programmi\pdfforge Toolbar" deleted successfully.
Folder "C:\Documents and Settings\Lord\Dati applicazioni\Ubwae" deleted successfully.

Error: folder "C:\Program Files\Windows iLivid Toolbar" not found!
Deletion of folder "C:\Program Files\Windows iLivid Toolbar" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Completed script processing.

*******************

Finished! Terminate.

[teppa]

Ah già sembra tutto risolto.... grazie dell'aiuto....