www.MegaLab.it

[GERONIMO*]

http://imageshack.us/?no_multi=1

[Or4colo]

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, httt:www.gmer.net
Windows 5.1.2600 Disk:WCD_WD1600JS-00NCB1 rev.10.02E02 -> Harddisk0\DR0-Device\Ide\IdeDeviceP2T0L0-17
device:opened successfully
user:MBR read successfully
kernel:MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 312576705

Questo è quello che mi dice MBR seguendo la procedura consigliata. Ho riprovato più volte,accidenti! grazie

[GERONIMO*]

mmm..
sembrerebbe ok

ma per precauzione facciamo l'ultimo controllo
Scarica aswMBR.exe sul desktop.
http://public.avast.com/~gmerek/aswMBR.exe
lancialo
Clicca sul pulsante Scan per avviare la scansione
se chiede di aggiornarlo,Accetta


Al termine della scansione clicca su Save log,e salvalo sul desktop.
Postalo qui.

[Or4colo]

Non so è fermo da un po' credo sia inchiodato... Comunque per ora questo è il log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-05 22:07:02
-----------------------------
22:07:02.538 OS Version: Windows 5.1.2600 Service Pack 3
22:07:02.538 Number of processors: 2 586 0xF02
22:07:02.538 ComputerName: PC UserName:
22:07:03.617 Initialize success
22:07:18.835 AVAST engine defs: 12100501
22:07:23.757 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
22:07:23.757 Disk 0 Vendor: WDC_WD1600JS-00NCB1 10.02E02 Size: 152626MB BusType: 3
22:07:23.788 Disk 0 MBR read successfully
22:07:23.788 Disk 0 MBR scan
22:07:23.929 Disk 0 Windows XP default MBR code
22:07:23.945 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
22:07:23.976 Disk 0 scanning sectors +312576705
22:07:24.007 Disk 0 malicious Win32:MBRoot code @ sector 312576708 !
22:07:24.117 Disk 0 scanning C:\WINDOWS\system32\drivers
22:07:50.898 Service scanning
22:08:09.132 Modules scanning
22:08:20.398 Disk 0 trace - called modules:
22:08:20.429 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:08:20.945 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87731ab8]
22:08:20.945 3 CLASSPNP.SYS[f782ffd7] -> nt!IofCallDriver -> \Device\0000006c[0x877887f8]
22:08:20.945 5 ACPI.sys[f77a6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x87779d98]
22:08:21.288 AVAST engine scan C:\WINDOWS
22:08:58.570 AVAST engine scan C:\WINDOWS\system32
22:16:09.710 AVAST engine scan C:\WINDOWS\system32\drivers
22:16:50.101 AVAST engine scan C:\Documents and Settings\Administrator
22:28:03.710 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
22:28:03.710 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-05 22:07:02
-----------------------------
22:07:02.538 OS Version: Windows 5.1.2600 Service Pack 3
22:07:02.538 Number of processors: 2 586 0xF02
22:07:02.538 ComputerName: PC UserName:
22:07:03.617 Initialize success
22:07:18.835 AVAST engine defs: 12100501
22:07:23.757 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
22:07:23.757 Disk 0 Vendor: WDC_WD1600JS-00NCB1 10.02E02 Size: 152626MB BusType: 3
22:07:23.788 Disk 0 MBR read successfully
22:07:23.788 Disk 0 MBR scan
22:07:23.929 Disk 0 Windows XP default MBR code
22:07:23.945 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
22:07:23.976 Disk 0 scanning sectors +312576705
22:07:24.007 Disk 0 malicious Win32:MBRoot code @ sector 312576708 !
22:07:24.117 Disk 0 scanning C:\WINDOWS\system32\drivers
22:07:50.898 Service scanning
22:08:09.132 Modules scanning
22:08:20.398 Disk 0 trace - called modules:
22:08:20.429 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:08:20.945 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87731ab8]
22:08:20.945 3 CLASSPNP.SYS[f782ffd7] -> nt!IofCallDriver -> \Device\0000006c[0x877887f8]
22:08:20.945 5 ACPI.sys[f77a6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x87779d98]
22:08:21.288 AVAST engine scan C:\WINDOWS
22:08:58.570 AVAST engine scan C:\WINDOWS\system32
22:16:09.710 AVAST engine scan C:\WINDOWS\system32\drivers
22:16:50.101 AVAST engine scan C:\Documents and Settings\Administrator
22:28:03.710 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
22:28:03.710 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
22:28:55.054 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
22:28:55.054 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-05 22:07:02
-----------------------------
22:07:02.538 OS Version: Windows 5.1.2600 Service Pack 3
22:07:02.538 Number of processors: 2 586 0xF02
22:07:02.538 ComputerName: PC UserName:
22:07:03.617 Initialize success
22:07:18.835 AVAST engine defs: 12100501
22:07:23.757 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
22:07:23.757 Disk 0 Vendor: WDC_WD1600JS-00NCB1 10.02E02 Size: 152626MB BusType: 3
22:07:23.788 Disk 0 MBR read successfully
22:07:23.788 Disk 0 MBR scan
22:07:23.929 Disk 0 Windows XP default MBR code
22:07:23.945 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
22:07:23.976 Disk 0 scanning sectors +312576705
22:07:24.007 Disk 0 malicious Win32:MBRoot code @ sector 312576708 !
22:07:24.117 Disk 0 scanning C:\WINDOWS\system32\drivers
22:07:50.898 Service scanning
22:08:09.132 Modules scanning
22:08:20.398 Disk 0 trace - called modules:
22:08:20.429 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:08:20.945 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87731ab8]
22:08:20.945 3 CLASSPNP.SYS[f782ffd7] -> nt!IofCallDriver -> \Device\0000006c[0x877887f8]
22:08:20.945 5 ACPI.sys[f77a6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x87779d98]
22:08:21.288 AVAST engine scan C:\WINDOWS
22:08:58.570 AVAST engine scan C:\WINDOWS\system32
22:16:09.710 AVAST engine scan C:\WINDOWS\system32\drivers
22:16:50.101 AVAST engine scan C:\Documents and Settings\Administrator
22:28:03.710 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
22:28:03.710 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
22:28:55.054 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
22:28:55.054 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
22:30:05.132 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
22:30:05.132 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

[Or4colo]

ok ha finito questo è il log, ti prego dammi buone notizie

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-05 22:07:02
-----------------------------
22:07:02.538 OS Version: Windows 5.1.2600 Service Pack 3
22:07:02.538 Number of processors: 2 586 0xF02
22:07:02.538 ComputerName: PC UserName:
22:07:03.617 Initialize success
22:07:18.835 AVAST engine defs: 12100501
22:07:23.757 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
22:07:23.757 Disk 0 Vendor: WDC_WD1600JS-00NCB1 10.02E02 Size: 152626MB BusType: 3
22:07:23.788 Disk 0 MBR read successfully
22:07:23.788 Disk 0 MBR scan
22:07:23.929 Disk 0 Windows XP default MBR code
22:07:23.945 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
22:07:23.976 Disk 0 scanning sectors +312576705
22:07:24.007 Disk 0 malicious Win32:MBRoot code @ sector 312576708 !
22:07:24.117 Disk 0 scanning C:\WINDOWS\system32\drivers
22:07:50.898 Service scanning
22:08:09.132 Modules scanning
22:08:20.398 Disk 0 trace - called modules:
22:08:20.429 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:08:20.945 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87731ab8]
22:08:20.945 3 CLASSPNP.SYS[f782ffd7] -> nt!IofCallDriver -> \Device\0000006c[0x877887f8]
22:08:20.945 5 ACPI.sys[f77a6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x87779d98]
22:08:21.288 AVAST engine scan C:\WINDOWS
22:08:58.570 AVAST engine scan C:\WINDOWS\system32
22:16:09.710 AVAST engine scan C:\WINDOWS\system32\drivers
22:16:50.101 AVAST engine scan C:\Documents and Settings\Administrator
22:28:03.710 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
22:28:03.710 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
22:28:55.054 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
22:28:55.054 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
22:30:05.132 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
22:30:05.132 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
22:44:04.210 AVAST engine scan C:\Documents and Settings\All Users
22:45:24.960 Scan finished successfully
22:47:00.351 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
22:47:00.367 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
22:47:23.148 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
22:47:23.148 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

ps ho scoperto in C.Document and setting.administrator, all users, e help assistant.centra qualcosa con il discorso di prima? Ciao

[GERONIMO*]

infatti mbr.exe non mi convinceva

apri aswMBR
clicca su Scan attendi la fine della scansione
finita la scansione clicca su FIXMBR
finita l'operazione Riavvia il pc

e si sei stato infettato dal rootkit help assistant
cancella la cartella help assistant.
svuota il cestino

[GERONIMO*]

aspetta non cancellarla la cartella help assistant vedi prima se dopo aver fatto FIXMBR
c'è ancora

[Or4colo]

Ha finito ma fix nbr non è disponibile, c'è solo fix, clicco su quello???
ops cartella già cancellata

[GERONIMO*]

clicca su Fix attendi la fine
salva il report
riavvia il pc
posta il report

[Or4colo]

Ecco fatto, procedura completata

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-06 17:40:20
-----------------------------
17:40:20.390 OS Version: Windows 5.1.2600 Service Pack 3
17:40:20.390 Number of processors: 2 586 0xF02
17:40:20.390 ComputerName: PC UserName:
17:40:21.062 Initialize success
17:40:37.718 AVAST engine defs: 12100501
17:40:42.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
17:40:42.140 Disk 0 Vendor: WDC_WD1600JS-00NCB1 10.02E02 Size: 152626MB BusType: 3
17:40:42.156 Disk 0 MBR read successfully
17:40:42.156 Disk 0 MBR scan
17:40:42.218 Disk 0 Windows XP default MBR code
17:40:42.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
17:40:42.265 Disk 0 scanning sectors +312576705
17:40:42.296 Disk 0 malicious Win32:MBRoot code @ sector 312576708 !
17:40:42.359 Disk 0 scanning C:\WINDOWS\system32\drivers
17:41:02.828 Service scanning
17:41:21.953 Modules scanning
17:41:27.640 Disk 0 trace - called modules:
17:41:27.671 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:41:27.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x877ccab8]
17:41:27.671 3 CLASSPNP.SYS[f782ffd7] -> nt!IofCallDriver -> \Device\0000006c[0x87735b30]
17:41:27.671 5 ACPI.sys[f77a6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x8774f940]
17:41:28.171 AVAST engine scan C:\WINDOWS
17:41:54.109 AVAST engine scan C:\WINDOWS\system32
17:46:45.546 AVAST engine scan C:\WINDOWS\system32\drivers
17:47:12.921 AVAST engine scan C:\Documents and Settings\Administrator
18:05:13.875 AVAST engine scan C:\Documents and Settings\All Users
18:06:10.140 Scan finished successfully
18:09:43.875 Disk 0 MBR read successfully
18:09:43.906 Disk 0 scanning sectors +312576705
18:09:43.953 Disk 0 malicious Win32:MBRoot code @ sector 312576708 !
18:09:43.968 Disk 0 sector 312576708 cleaned
18:09:43.968 Verifying disinfection
18:09:54.062 Infection fixed successfully - please reboot ASAP
18:11:09.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
18:11:09.546 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBRabc.txt"

Ciao grazie

[GERONIMO*]

rifai di nuovo la scansione con aswMBR.
lancialo
Clicca sul pulsante Scan
attendi la fine
posta il nuovo report che rilascia

[Or4colo]

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-06 22:05:18
-----------------------------
22:05:18.359 OS Version: Windows 5.1.2600 Service Pack 3
22:05:18.359 Number of processors: 2 586 0xF02
22:05:18.359 ComputerName: PC UserName:
22:05:19.140 Initialize success
22:05:35.156 AVAST engine defs: 12100501
22:05:36.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
22:05:36.421 Disk 0 Vendor: WDC_WD1600JS-00NCB1 10.02E02 Size: 152626MB BusType: 3
22:05:36.437 Disk 0 MBR read successfully
22:05:36.437 Disk 0 MBR scan
22:05:36.500 Disk 0 Windows XP default MBR code
22:05:36.515 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
22:05:36.531 Disk 0 scanning sectors +312576705
22:05:36.609 Disk 0 scanning C:\WINDOWS\system32\drivers
22:05:54.484 Service scanning
22:06:11.625 Modules scanning
22:06:17.468 Disk 0 trace - called modules:
22:06:17.500 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:06:17.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x876f9030]
22:06:17.500 3 CLASSPNP.SYS[f782ffd7] -> nt!IofCallDriver -> \Device\0000006c[0x877757f8]
22:06:17.500 5 ACPI.sys[f77a6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x876f5d98]
22:06:17.984 AVAST engine scan C:\WINDOWS
22:06:43.343 AVAST engine scan C:\WINDOWS\system32
22:11:29.671 AVAST engine scan C:\WINDOWS\system32\drivers
22:11:52.390 AVAST engine scan C:\Documents and Settings\Administrator
22:32:19.156 AVAST engine scan C:\Documents and Settings\All Users
22:33:16.296 Scan finished successfully
22:34:38.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
22:34:38.703 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\t67.txt"

C sono, tutto ok?

[GERONIMO*]

ok
uscito pulito
senti io credo che abbiamo risolto
ora fai una scansione con Avira o malwarebytes,giusto per vedere se trova sempre qualcosa
se non trova nulla abbiamo finito

[Or4colo]

Scansione fatta con MalwareBytes, ha trovato 2 file infetti.. Ecco il og

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Versione database: v2012.10.04.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PC [amministratore]

08/10/2012 17.41.20
giytt7.txt

Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 264656
Tempo impiegato: 52 minuti, 23 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 1
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Nessuna azione intrapresa.

Valori di registro rilevati: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|5060 (PUP.CrossFire.SA) -> Dati: Savings Sidekick -> Nessuna azione intrapresa.

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)

come al solito attendo informazioni sul da farsi :-) Ciao grazie

[tecnico24]

Scansione fatta con MalwareBytes, ha trovato 2 file infetti.. Ecco il og

Malwarebytes Anti-Malware 1.65.0.1400
http://www.malwarebytes.org

Versione database: v2012.10.04.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PC [amministratore]

08/10/2012 17.41.20
giytt7.txt

Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 264656
Tempo impiegato: 52 minuti, 23 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 1
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Nessuna azione intrapresa.

Valori di registro rilevati: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|5060 (PUP.CrossFire.SA) -> Dati: Savings Sidekick -> Nessuna azione intrapresa.

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)

come al solito attendo informazioni sul da farsi :-) Ciao grazie

Ricapitola la situazione : il problema si è risolto?
il firewall si è avviato?avast?

[GERONIMO*]

bhe non trova più 500 file infetti
direi che sei a posto
per me il problema è risolto

[Or4colo]

Si in effetti ero un po' sollevato leggendo solo 2 file infetti Cosa mi consigli per eliminare anche quelle chiavi di registro infette, magari uso MalwareBytes in mod.provvisoria? Li sposto in quarantena e poi le elimino non saprei.E poi inizio a reinstallarmi tutti i programmi cancellati e via. Comunque grazie di tutto l'aiuto che mi avete dato, Geronimo in particolare. Senza di Voi non saprei proprio come avrei fatto! Grazie ancora

[Or4colo]

Non riuscendo a modificare il post riscrivo :-)
Ops leggendo in giro ho visto che quei 2 file trovati sono legati ad un virus, di cui non ho capito molto bene il significato. In ogni caso mi date un consiglio su come eliminarli? Magari con MalwareBytes, hijackthis o non so che altro... Grazie ciao

[GERONIMO*]

ciao
scusa ma finita la scansione con malwarebytese cliccando su Rimuovi selezionati
non te li sposta in quarantena?
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Nessuna azione intrapresa.

HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Spostato in quarantena ed eliminato con successo.

[Or4colo]

ciao
in effetti ho cancellato i file infetti con malware byte riavviato il pc e ho fatto un'altra scansione e non li ha più ritrovati.
Grande Geronimo dovremmo essere a posto no????
ciao buona serata