I'm posting the ComboFix log.
Thanks for the help, bye.
ComboFix 09-01-16.04 - Administrator 2009-01-17 23.11.14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.874.1.1033.18.767.464 [GMT 7:00]
Running from: c:\documents and settings\Administrator\My Documents\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.
2009-01-16 23:50 . 2009-01-16 23:50 <DIR> d-------- c:\documents and settings\Administrator\Application Data\TrueCrypt
2009-01-16 23:48 . 2009-01-16 23:48 <DIR> d-------- c:\program files\TrueCrypt
2009-01-16 23:48 . 2009-01-16 23:48 215,872 --a------ c:\windows\system32\drivers\truecrypt.sys
2009-01-16 14:19 . 2009-01-16 14:19 <DIR> d-------- c:\program files\Trend Micro
2009-01-16 13:25 . 2009-01-17 13:38 <DIR> d-------- c:\program files\MetFileRegenerator
2009-01-16 12:38 . 2009-01-17 13:39 <DIR> d-------- c:\program files\eMule
2009-01-11 15:18 . 2009-01-11 15:18 <DIR> d-------- c:\program files\directx
2009-01-11 15:07 . 2009-01-11 15:07 <DIR> d-------- c:\program files\LucasArts
2009-01-11 04:04 . 2009-01-11 04:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2009-01-11 04:04 . 2009-01-11 04:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools
2009-01-11 04:03 . 2009-01-11 04:03 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-01-11 04:03 . 2009-01-11 04:03 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-01-11 04:03 . 2009-01-11 04:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-11 04:00 . 2009-01-11 12:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2009-01-11 04:00 . 2009-01-11 04:00 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-05 18:12 . 2009-01-14 10:33 <DIR> d-------- c:\program files\My Lockbox
2009-01-05 18:12 . 2007-12-13 20:13 17,264 --a------ c:\windows\system32\drivers\mprifl.sys
2009-01-03 23:13 . 2009-01-03 23:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2009-01-03 23:12 . 2009-01-03 23:12 <DIR> d-------- c:\program files\Common Files\Macromedia Shared
2009-01-03 23:12 . 2009-01-03 23:12 <DIR> d-------- c:\program files\Common Files\Macromedia
2009-01-03 23:12 . 2002-01-05 07:48 974,848 --------- c:\windows\system32\mfc70.dll
2009-01-03 23:12 . 2002-01-05 06:37 344,064 --------- c:\windows\system32\msvcr70.dll
2009-01-03 23:12 . 2002-01-05 07:10 61,440 --------- c:\windows\system32\mfc70ita.dll
2009-01-01 12:52 . 2009-01-03 23:12 <DIR> d-------- c:\program files\Macromedia
2008-12-21 11:31 . 2008-12-21 11:31 <DIR> d-------- c:\program files\AKVIS
2008-12-18 21:35 . 2009-01-16 11:54 <DIR> d-------- c:\windows\system32\dumps
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 17:30 --------- d-----w c:\program files\CD Recovery Toolbox Free
2009-01-16 04:54 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-01-15 04:19 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-15 03:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 17:32 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-14 09:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 09:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-11 08:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-03 04:53 1,152 --sha-w C:\2j1jawta.sys
2008-12-11 05:29 --------- d-----w c:\program files\VS Revo Group
2008-12-10 09:12 --------- d-----w c:\program files\Atomic Clock
2008-12-10 05:35 --------- d-----w c:\program files\Smart Projects
2008-12-07 06:11 --------- d-----w c:\program files\YourWare Solutions
2008-12-07 06:08 --------- d-----w c:\program files\IObit
2008-12-07 06:07 --------- d-----w c:\documents and settings\Administrator\Application Data\GlarySoft
2008-12-07 06:05 --------- d-----w c:\program files\Glary Utilities
2008-11-25 05:00 --------- d-----w c:\program files\Astonsoft
2008-11-25 04:24 --------- d-----w c:\documents and settings\Administrator\Application Data\DeepBurner
2008-11-19 16:55 --------- d-----w c:\program files\Jasc Software Inc
2008-11-19 16:55 --------- d-----w c:\program files\Common Files\Jasc Software Inc
2008-11-19 16:53 --------- d-----w c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2008-11-17 05:08 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-03 16:44 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-05-19 14336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-14 1071472]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-05-19 14336]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
PartMetBackup.lnk - c:\program files\Java\jre1.6.0_07\bin\javaw.exe [2008-10-19 135168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDesktopIniCache"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-15 11:19 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IDW Logging Tool.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DevconDefaultDB]
c:\windows\READREG [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-11-29 11:33 1261336 c:\progra~1\AVG\AVG8\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
--a------ 2006-03-23 00:13 1591808 c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-05-19 01:29 1667584 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2004-04-18 22:45 4882432 c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-01-15 11:19 1830128 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 14:56 17920 c:\windows\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 14:56 18944 c:\windows\system32\CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DisplayTrayIcon"=c:\windows\system32\TrayIcon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\LinkCreator.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2009-01-05 17264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-04 97928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-09-03 55024]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-04 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-04 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-04 76040]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
.
Contents of the 'Scheduled Tasks' folder
2009-01-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-12-01 09:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.it/
uInternet Connection Wizard,ShellNext = hxxp://www.tot.co.th/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b37eqjo7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1210541&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b37eqjo7.default\extensions\{bc4be15d-6a34-4356-9e97-79e43da32b1d}\components\FFAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-17 23:12:28
Windows 5.1.2600 Service Pack 2, v.2135 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\dssenh.dll
.
Completion time: 2009-01-17 23.13.49
ComboFix-quarantined-files.txt 2009-01-17 16:13:42
ComboFix2.txt 2009-01-17 16:06:35
Pre-Run: 14.887.608.320 bytes free
Post-Run: 14,876,131,328 bytes free