Ciao a tutti,
vi allego il log di Hijack, mi date una mano? Grazie!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9.22.07, on 02/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\WgaTray.exe
C:\MBW\mbw.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\salascol1\Documenti\Download\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min /ns
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01ECF5CD-3940-4084-92A8-D0072C4CE45C}: NameServer = 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{01ECF5CD-3940-4084-92A8-D0072C4CE45C}: NameServer = 151.99.125.1
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O24 - Desktop Component 0: (no name) - http://images.alice.it/sg/sportuni/upload/ros/0001/rossi49.jpg

--
End of file - 4979 bytes

il log non presenta particolari problemi... fai una scansione con mbam cosi' vediamo se rileva qualcosa:
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
se trova infezioni posta il log che ti rilascera'.

Dopo aver passato Malwarebytes' ecco il log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4266

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/07/2010 12.56.07
mbam-log-2010-07-02 (12-56-07).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 147204
Tempo trascorso: 42 minuti, 37 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 3
Valori di registro infetti: 0
Voci infette nei dati di registro: 2
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> No action taken.

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

Dopo ComboFix

ComboFix 10-07-06.03 - salascol1 07/07/2010 11.44.01.1.1 - x86
Eseguito da: c:\documents and settings\salascol1\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00C8-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00FC-0D24-347CA8A3377C}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\command
c:\windows\desktop
c:\windows\system\Color
c:\windows\system32\csftxctl.ocx

.
((((((((((((((((((((((((( Files Creati Da 2010-06-07 al 2010-07-07 )))))))))))))))))))))))))))))))))))
.

2010-06-22 08:20 . 2010-06-22 08:20 -------- d-----w- c:\documents and settings\salascol1\Dati applicazioni\Malwarebytes
2010-06-22 08:20 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-22 08:20 . 2010-06-22 08:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-22 08:20 . 2010-06-22 08:20 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-22 08:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 07:10 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 09:39 . 2006-11-25 16:00 -------- d-----w- c:\documents and settings\salascol1\Dati applicazioni\Lavasoft
2010-06-23 18:04 . 2004-08-30 20:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-06-23 18:04 . 2004-08-30 20:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-06-22 09:38 . 2006-12-24 08:40 -------- d-----w- c:\programmi\Google
2010-06-17 08:57 . 2006-01-27 07:53 19208 ----a-w- c:\documents and settings\salascol1\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-06-05 07:19 . 2010-05-20 15:52 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-06-03 08:04 . 2008-10-20 12:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2010-06-03 08:04 . 2008-05-30 09:25 -------- d-----w- c:\documents and settings\salascol1\Dati applicazioni\TeamViewer
2010-06-03 07:59 . 2010-06-03 07:59 -------- d-----w- c:\documents and settings\salascol1\Dati applicazioni\FIXIO PC Utilities
2010-06-03 07:58 . 2010-06-03 07:58 -------- d-----w- c:\programmi\FIXIO PC Utilities
2010-05-26 10:05 . 2010-01-08 08:32 1 ----a-w- c:\documents and settings\salascol1\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-25 08:56 . 2010-05-25 08:56 -------- d-----w- c:\programmi\CCleaner
2010-05-25 08:56 . 2010-05-25 08:56 -------- d-----w- c:\documents and settings\salascol1\Dati applicazioni\Yahoo!
2010-05-06 10:32 . 2004-08-30 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2004-08-30 20:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-30 20:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2004-03-12 11:18 . 2004-03-12 11:18 11267 -c-ha-w- c:\programmi\folder.htt
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2003-05-07 36864]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-04-10 77824]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\salascol1\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\genwin\\webmanag.exe"=
"c:\\MBW\\mbw.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImLc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
TCP: {01ECF5CD-3940-4084-92A8-D0072C4CE45C} = 151.99.125.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 11:55
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2025429265-1972579041-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:98,dd,52,21,be,6d,5d,dd,65,08,55,01,da,a2,54,6b,32,8f,8e,fe,c9,36,11,
43,70,53,d5,94,51,16,d5,eb,f4,ec,2e,bd,1c,1d,f0,aa,b2,29,4c,02,4a,9e,b9,7d,\
"??"=hex:f8,fd,6e,8a,1e,1d,9b,a0,48,98,7a,4f,95,e5,3a,5e

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Ora fine scansione: 2010-07-07 12:03:13
ComboFix-quarantined-files.txt 2010-07-07 10:03

Pre-Run: 56.922.716.672 byte disponibili
Post-Run: 57.228.010.496 byte disponibili

- - End Of File - - 4F0812220A46BA76D6E2EED43EBB373B

Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt



e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Se il pc non si riavvia in automatico, riavvialo tu, manualmente.
Posta il log aggiornato di combofix.

Riferisci se riscontri problemi.

Problemi?

@ r16

Tutto risolto, il pc va bene e non mostra la lentezza di prima.

Grazie!!!