salve sono aggredito dai virus. i sintomi sono firewall di windows (xp) che si disattiva da solo e l'icona della clessidra non sparisce mai. inoltre mi compaiono frequenti messaggi di errore tipo "runtime error".
accludo qui di seguito il log della scansione che ho appena fatto con anti-malware...
(ho fatto ripulire i file infetti e riavviato il pc, ma i problemi persistono)
grazie per l'aiuto


Malwarebytes' Anti-Malware 1.44
Versione del database: 3641
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

26/01/2010 21.37.19
mbam-log-2010-01-26 (21-37-19).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 174993
Tempo trascorso: 1 hour(s), 26 minute(s), 3 second(s)

Processi delle memoria infetti: 2
Moduli della memoria infetti: 2
Chiavi di registro infette: 14
Valori di registro infetti: 2
Elementi dato del registro infetti: 2
Cartelle infette: 6
File infetti: 40

Processi delle memoria infetti:
c:\lsass.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Unloaded process successfully.

Moduli della memoria infetti:
C:\WINDOWS\kiftmsns.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Programmi\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\seekservice (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SeekService Service (Adware.SeekService) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SeekService (Adware.SeekService) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: kiftmsns.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-8322549009-9918272839-400359042-1140\wnzip32.exe,explorer.exe,C:\RECYCLER\S-1-5-21-2869011789-3823958974-714977402-5257\wnzip32.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Cartelle infette:
C:\Programmi\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.
C:\Programmi\RelevantKnowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Programmi\Seekeen (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Programmi\SeekService (Adware.SeekService) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\SeekService (Adware.SeekService) -> Quarantined and deleted successfully.

File infetti:
C:\WINDOWS\kiftmsns.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\bwhb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\iexeyn.exe (Backdoor.Bot.Gen) -> Quarantined and deleted successfully.
C:\kjus.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\kovy.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\vitbtmc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\yljxsdn.exe (Backdoor.Bot.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kumar\Impostazioni locali\Temp\scvhost.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kumar\Impostazioni locali\Temp\sptcv.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kumar\Impostazioni locali\Temp\Fp8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kumar\Impostazioni locali\Temp\Fp1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kumar\Impostazioni locali\Temp\Fp4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kumar\Impostazioni locali\Temp\Fp5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kumar\Impostazioni locali\Temp\InstModule.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kumar\Impostazioni locali\Temp\dllhosts.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kumar\Impostazioni locali\Temp\ntexplore.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kumar\Impostazioni locali\Temp\Fp9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kumar\Impostazioni locali\Temp\Fqc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kumar\Impostazioni locali\Temp\Fqd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kumar\Impostazioni locali\Temp\fsc44.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programmi\SeekService\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-8322549009-9918272839-400359042-1140\wnzip32.exe (Worm.Autorun.B) -> Delete on reboot.
C:\Programmi\RelevantKnowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Programmi\RelevantKnowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Programmi\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.
C:\Programmi\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Programmi\RelevantKnowledge\rlph.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Programmi\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Programmi\RelevantKnowledge\rlxf.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kumar\Menu Avvio\Programmi\Esecuzione automatica\8614335.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\lsass.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Segui esattamente nell'ordine indicato la Guida alla disinfezione (http://www.hwupgrade.it/forum/showthread.php?t=1599737) allegando tutti i log prodotti in un'unico post secondo le sottoindicate modalità, grazie per la collaborazione.

Modalità di pubblicazione dei log:

Ogni singolo log, esclusivamente in formato .txt a parte SynInspector .xml, deve essere hostato nell'ordine indicato in Guida su uno dei server remoti elencati nelle Regole di sezione (http://www.hwupgrade.it/forum/showthread.php?t=1751598).

una domanda:
ma hai anche l' anivirus disattvato?
se si vai qui e scarica single pc remover tool bdtools.net
che av hai?
ciaoo se ti serve aiuto sono qui.
percaso ti fa un sacco di errore mentre lo spegni?
ciaoo

una domanda:
ma hai anche l' anivirus disattvato?
se si vai qui e scarica single pc remover tool bdtools.net
che av hai?
ciaoo se ti serve aiuto sono qui.
percaso ti fa un sacco di errore mentre lo spegni?
ciaoo
sicuramente ce lo avrà vista la presenza di vundo e troja_downloader e fakealert :asd:
cerchiamo di ricevere più dati possibile da un pc per poi debellare già da subito in maniera semplice il 90% delle possibilità e con l'analisi dei dati ricavati coprire il 10% restante.
per fare questo però non basta un solo programma come quello da te proposto, ma serve un mix di programmi che diano insieme uno spettro d'efficacia più ampio possibile e che formino un intervento stratificato ;)