Scusate la mia non grande esperienza di computer.Premetto che ho l'antivir F-secure e inserito ieri l'antimalware Windows-kb890830v2.4.Dato che è un po' di tempo che noto il computer non più scorrevole come dovrebbe...intoppi vari,lentezza ecc ecc difficile elencare il tutto.La scanzione con f.secure e windows-kb non dà nessun risultato,leggendo i vostri consigli ho inserito Malwarebytes,e mi dà questo:Malwarebytes' Anti-Malware 1.31
Versione del database: 1469
Windows 5.1.2600 Service Pack 2

07/12/2008 14.18.47
mbam-log-2008-12-07 (14-18-20).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 46046
Tempo trascorso: 4 minute(s), 38 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 2
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 3
File infetti: 12

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Backdoor.Bifrose) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Programmi\PeDevice (Adware.Popups) -> No action taken.
C:\Programmi\PeDevice\tmp (Adware.Popups) -> No action taken.
C:\WINDOWS\SYSTEM32\bifrost (Backdoor.Bifrose) -> No action taken.

File infetti:
C:\Programmi\PeDevice\communication.xml (Adware.Popups) -> No action taken.
C:\Programmi\PeDevice\Domain.Watchlist.txt (Adware.Popups) -> No action taken.
C:\Programmi\PeDevice\pae-options.xml (Adware.Popups) -> No action taken.
C:\Programmi\PeDevice\search.watchlist.txt (Adware.Popups) -> No action taken.
C:\Programmi\PeDevice\pae_url.xml (Adware.Popups) -> No action taken.
C:\Programmi\PeDevice\watchlist.xml (Adware.Popups) -> No action taken.
C:\Programmi\PeDevice\statistic.xml (Adware.Popups) -> No action taken.
C:\Programmi\PeDevice\tmp\tmp.html (Adware.Popups) -> No action taken.
C:\Programmi\PeDevice\tmp\last_popup_content.html (Adware.Popups) -> No action taken.
C:\WINDOWS\SYSTEM32\bifrost\klog.dat (Backdoor.Bifrose) -> No action taken.
C:\Documents and Settings\Claudio\results.txt (Malware.Trace) -> No action taken.
C:\Documents and Settings\Claudio\Dati applicazioni\addon.dat (Malware.Trace) -> No action taken.
Cosa devo fe?eliminarli? Il prog windows-kb... lo elimino?Cosa mi consigliate di fare ancora?Scuasate se chiedo troppo...grazie

Ciao
Se NON conosci questo programma: PeDevice le puoi eliminare tutte.
Per eliminarle, assicurati che tutti i files evidenziati siano selezionati e clicca Rimuovi Selezionati
Serve però, anche un log di HijackThis.
segui questa guida dettagliata: http://www.aiutaamici.com/software?ID=11175

ho rimosso i selezionati,ecco il risultato di hiackthis Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.42.25, on 07/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Wireless LAN Utility\TIWLANCu.exe
C:\Programmi\F-Secure Internet Security\Common\FSM32.EXE
C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programmi\F-Secure Internet Security\Common\FSMA32.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\F-Secure Internet Security\Common\FCH32.EXE
C:\Programmi\Wireless LAN Utility\tiwlnsvc.exe
C:\Programmi\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Programmi\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Programmi\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Programmi\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Programmi\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: End of entries inserted by Spybot - Search & Destroy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [TI WLAN] C:\Programmi\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} (F-Secure Online Scanner 2.1 (CD version)) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDE8BF5D-0C67-4448-81A2-8F12751DD0B9}: NameServer = 212.216.112.112,192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Programmi\Wireless LAN Utility\tiwlnsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~2/Claudio/IMPOST~1/Temp/msoclip1/02/clip_image002.gif

--
End of file - 6166 bytes

ANALYSIS: 2008-12-07 22:05:23
PROTECTIONS: 2
MALWARE: 5
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
F-Secure Antivirus 7.30 No Yes
F-Secure Internet Security 6.16 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029767 adware/delfinmedia Adware No 1 Yes No c:\windows\system32\nfomon
00040467 adware/elitebar Adware No 1 Yes No c:\windows\etb
00147218 dialer.akd Dialers No 1 Yes No c:\documents and settings\claudio\dati applicazioni\microsoft\internet explorer\quick launch\winmovieplugin.lnk
00431690 Trj/Downloader.UWR Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{6D6C1AF8-FA8D-48B8-97E9-3D444EBDB228}\RP410\A0058352.0XE
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\JAVAPI\V1.0\JAR\Java.jar-5a459932-54c61cf0.zip[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\JAVAPI\V1.0\JAR\Java.jar-1149d5de-77cbea23.zip[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\JAVAPI\V1.0\JAR\Java.jar-ede102-610eb1c6.zip[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\JAVAPI\V1.0\JAR\Java.jar-5e376649-2ee83aa0.zip[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\JAVAPI\V1.0\JAR\Java.jar-424097d4-286e9f1b.zip[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\JAVAPI\V1.0\JAR\Java.jar-643b5965-7168a468.zip[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\JAVAPI\V1.0\JAR\Java.jar-773c5a2c-2e10d1e5.zip[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\6.0\0\4b3f1900-4d686675[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\6.0\0\4b3f1900-136c0259[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\6.0\6\7757bb86-56a771c2[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\JAVAPI\V1.0\JAR\Java.jar-2306eaa4-499a29fc.zip[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\6.0\19\da29c13-3b79777b[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\6.0\19\da29c13-34b0b634[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\6.0\33\2b484fe1-77dd203f[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\6.0\33\2b484fe1-19a81d63[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\6.0\59\4b04b87b-7dd25cbb[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\6.0\59\4b04b87b-5f698c72[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\6.0\61\7b971e3d-46470114[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\6.0\61\7b409dfd-141756af[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\6.0\61\7b971e3d-1cc258f2[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\6.0\61\7b409dfd-399bca59[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\6.0\63\467f407f-438fffee[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\6.0\63\467f407f-4282ccdd[javajava/Java.class]
00452892 Java/OpenConnection Virus/Trojan No 0 Yes No C:\Documents and Settings\Claudio\Dati applicazioni\Sun\Java\Deployment\CACHE\6.0\6\7757bb86-2be4395d[javajava/Java.class]
;===================================================================================================================================================================================
SUSPECTS
Sent Location f
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description f
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 f
184379 MEDIUM MS08-001 f
182048 HIGH MS07-069 f
182046 HIGH MS07-067 f
182043 HIGH MS07-064 f
179553 HIGH MS07-061 f
176382 HIGH MS07-057 f
176383 HIGH MS07-058 f
170911 HIGH MS07-050 f
170907 HIGH MS07-046 f
170906 HIGH MS07-045 f
170904 HIGH MS07-043 f
164915 HIGH MS07-035 f
164913 HIGH MS07-033 f
164911 HIGH MS07-031 f
160623 HIGH MS07-027 f
157262 HIGH MS07-022 f
157261 HIGH MS07-021 f
157260 HIGH MS07-020 f
157259 HIGH MS07-019 f
156477 HIGH MS07-017 f
150253 HIGH MS07-016 f
150249 HIGH MS07-013 f
150248 HIGH MS07-012 f
150247 HIGH MS07-011 f
150243 HIGH MS07-008 f
150242 HIGH MS07-007 f
150241 MEDIUM MS07-006 f
141034 HIGH MS06-076 f
141033 MEDIUM MS06-075 f
141030 HIGH MS06-072 f
137571 HIGH MS06-070 f
137568 HIGH MS06-067 f
133387 MEDIUM MS06-065 f
133386 MEDIUM MS06-064 f
133385 MEDIUM MS06-063 f
133379 HIGH MS06-057 f
131654 HIGH MS06-055 f
129977 MEDIUM MS06-053 f
129976 MEDIUM MS06-052 f
126093 HIGH MS06-051 f
126092 MEDIUM MS06-050 f
126087 HIGH MS06-046 f
126086 MEDIUM MS06-045 f
126083 HIGH MS06-042 f
126082 HIGH MS06-041 f
126081 HIGH MS06-040 f
123421 HIGH MS06-036 f
123420 HIGH MS06-035 f
120825 MEDIUM MS06-032 f
120823 MEDIUM MS06-030 f
120818 HIGH MS06-025 f
120815 HIGH MS06-022 f
120814 HIGH MS06-021 f
;===================================================================================================================================================================================
;***********************************************************************************************************************************************************************************
;***********************************************************************************************************************************************************************************
Scusa per il doppio post.Ho eseguito tutto,in ultimo,active scan,questo è il risultato,cosa devo fare?Scusa,ma che razza di antivirus è F-secure che non mi ha trovato niente?

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report
Premo un tasto qualsiasi,poi 1 e invio,ma mi dà questo.

NO,perchè lo trovo scritto ora ma lo scarico e lo eseguo sybito.

Ho sbagliato io.(scusa)
Rifai:
Inserisci queste righe (fai capia-incolla) nel riquadro bianco: (quelle in neretto)

Folders to delete:
c:\windows\system32\nfomon
c:\windows\etb

Togli la spunta da Scan for Rootkit
Clicca su Execute
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, posta qui il risultato di Avenger .

Questa volta hai sbagliato tu.
Questo è il file che ti avevo detto di copiare-incollare:
c:\windows\etb

Questo è il file che hai copiato-incollato tu:
c:\windows\et
Segui il percorso, e elimina a mano il file in rosso: (è una cartella)
c:\windows\etb
Riavvia il pc.

Mi metti in crisi.........
Comunque, disistalla f-secure.
Provvisoriamente,(per 30 giorni sei a posto) scarica questo:
Scarica VIRIT :
http://www.tgsoft.it/italy/download.htm lo aggiorni (cliccando sulla parabola in alto) e fai la scansione in Modalità Provvisoria (è molto importante).
Posta anche il log. (lo trovi sull'icona in alto, con raffigurato un block notes ,con una penna)
Tieni installato Malwarebytes. (ricordati di AGGIORNARLO prima di ogni scansione.)
Poi:
Tieni installato questo antispyware:
http://www.aiutaamici.com/software?ID=11397
E fai una scansione completa (ricordati di AGGIORNARLO prima di ogni scansione.)
Cosi, hai per il momento, una protezione decente.
Vado a nanna, e vedrò domani quale antivirus consigliarti da installare definitivamente.

Scusa la mia ignoranza,ma come devo impostare virit in modalità provvisoria?