Done. Here it is:
ComboFix 11-01-29.03 - Silvia 30/01/2011 16.02.26.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.767.423 [GMT 1:00]
Eseguito da: c:\documents and settings\Silvia\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Digital Patrol *Enabled/Updated* {35237DD9-776F-4485-A7AF-729074E24B96}
FW: BitDefender Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dati applicazioni\dFhFnKn11000
c:\documents and settings\All Users\Dati applicazioni\dFhFnKn11000\dFhFnKn11000
c:\documents and settings\All Users\Dati applicazioni\dFhFnKn11000\dFhFnKn11000.exe
c:\documents and settings\All Users\Dati applicazioni\sysReserve.ini
c:\documents and settings\Silvia\Dati applicazioni\Desktopicon
c:\documents and settings\Silvia\Dati applicazioni\Ixhuyc
c:\documents and settings\Silvia\Dati applicazioni\Ixhuyc\loge.exe
c:\documents and settings\Silvia\Dati applicazioni\Loerac
c:\documents and settings\Silvia\Dati applicazioni\Loerac\koygk.exe
c:\documents and settings\Silvia\Dati applicazioni\Urudig
c:\documents and settings\Silvia\Dati applicazioni\Urudig\icudm.duo
c:\windows\7aed8f9b-7a59-4abd-bdbe-973bf97bf59a.ocx
c:\windows\system32\ade3a3b7-efaa-4bb6-a44e-1be50229e465.dll
c:\windows\system32\logs
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Creati Da 2010-12-28 al 2011-01-30 )))))))))))))))))))))))))))))))))))
.
2011-01-29 19:03 . 2011-01-29 19:03 -------- d-----w- c:\documents and settings\Silvia\Impostazioni locali\Dati applicazioni\Threat Expert
2011-01-29 18:33 . 2011-01-29 18:33 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-01-29 18:33 . 2011-01-30 00:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2011-01-29 18:33 . 2011-01-29 22:33 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\Spyware Terminator
2011-01-29 18:33 . 2011-01-30 00:29 -------- d-----w- c:\programmi\Spyware Terminator
2011-01-29 18:28 . 2011-01-07 13:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-01-29 18:28 . 2011-01-07 13:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-01-29 18:28 . 2011-01-07 13:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-01-29 18:28 . 2011-01-07 13:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-01-29 18:25 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-01-29 18:25 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-01-29 18:25 . 2011-01-17 08:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-01-29 18:25 . 2010-12-10 12:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-01-29 18:25 . 2010-12-10 15:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-01-29 18:24 . 2010-12-16 07:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-01-29 18:24 . 2011-01-29 18:28 -------- d-----w- c:\programmi\File comuni\PC Tools
2011-01-29 18:24 . 2011-01-29 18:59 -------- d-----w- c:\programmi\PC Tools Security
2011-01-29 18:24 . 2011-01-29 18:24 -------- d-----w- c:\documents and settings\Silvia\Dati applicazioni\PC Tools
2011-01-29 18:21 . 2011-01-29 18:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2011-01-28 23:56 . 2011-01-28 23:56 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
2011-01-27 22:17 . 2011-01-27 22:20 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2011-01-27 22:17 . 2011-01-27 22:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-01-25 21:04 . 2011-01-25 21:08 -------- d-----w- c:\programmi\Crawler
2011-01-21 09:03 . 2011-01-21 09:03 84897128 ----a-w- c:\programmi\File comuni\Windows Live\.cache\wlc17.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 10:54 . 2011-01-29 18:28 2125 ----a-w- c:\windows\UDB.zip
2010-12-21 14:19 . 2010-12-21 14:19 53248 ----a-r- c:\documents and settings\Silvia\Dati applicazioni\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2004-07-09 03:08 . 2004-07-09 03:08 472576 ----a-w- c:\programmi\dxsetup.exe
2004-07-09 03:08 . 2004-07-09 03:08 2242560 ----a-w- c:\programmi\dsetup32.dll
2004-07-09 02:03 . 2004-07-09 02:03 62976 ----a-w- c:\programmi\DSETUP.dll
2009-03-05 16:08 . 2009-04-10 20:24 61440 ----a-w- c:\programmi\mozilla firefox\components\FFComm.dll
.
------- Sigcheck -------
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-30 20:00 . 68B975F737FA8F063F4036F9F8432F0A . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Logitech Vid"="c:\programmi\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"SpywareTerminatorUpdate"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-01-29 3318784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LWS"="c:\programmi\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"PCTools FGuard"="c:\programmi\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2011-01-29 2216960]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\
hoydir.exe [2011-1-28 146888]
nyidh.exe [2011-1-27 147400]
qiaki.exe [2011-1-28 146888]
ugma.exe [2011-1-28 146888]
wedu.exe [2011-1-28 146888]
zoubd.exe [2011-1-28 146888]
c:\documents and settings\Silvia\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-10-07 10:00 68856 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Azureus\\Azureus.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\File comuni\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Logitech\\Vid HD\\Vid.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [29/01/2011 19.25.07 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [29/01/2011 19.25.19 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [29/01/2011 19.25.19 656320]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [29/01/2011 19.33.47 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [28/02/2010 16.36.39 108289]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programmi\PC Tools Security\BDT\BDTUpdateService.exe [29/01/2011 19.28.20 247760]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\programmi\Anti Trojan Elite\ATEPMon.sys --> c:\programmi\Anti Trojan Elite\ATEPMon.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\PC Tools Security\pctsAuxs.exe [29/01/2011 19.24.29 366840]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [27/06/2009 17.55.17 105216]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [27/06/2009 17.55.17 105216]
.
Contenuto della cartella 'Scheduled Tasks'
2010-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2011-01-30 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2011-01-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2011-01-30 c:\windows\Tasks\User_Feed_Synchronization-{D69F225C-ECC7-421E-836B-8FD887739AF2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
2011-01-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-27 21:18]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
LSP: c:\programmi\File comuni\PC Tools\Lsp\PCTLsp.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\ctbr.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{ECDC465A-CF20-4B82-9A26-47C9DC52FA32} - (no file)
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-MsnMsgr - c:\programmi\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-NeroFilterCheck - c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-01-30 16:10
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1957994488-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{99FB2A8E-9A74-3C63-1E4C-F7CE0929CCB4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialphaplmaldjillmj"=hex:6b,61,65,6b,69,61,68,6b,61,6c,68,6c,62,65,63,6b,66,65,
67,61,6d,67,00,00
"hafabcaeggmhhcla"=hex:6b,61,65,6b,69,61,68,6b,61,6c,68,6c,62,65,63,6b,66,65,
67,61,6d,67,00,00
"gaiaehehjhcfbb"=hex:61,63,6a,6b,6c,61,6c,6e,70,65,6e,62,65,61,6e,64,6b,6e,69,
6d,64,65,68,6d,64,6e,6a,65,67,63,6b,61,62,6d,65,65,69,6e,6b,6f,67,6a,69,61,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(632)
c:\programmi\File comuni\PC Tools\Lsp\PCTLsp.dll
.
Ora fine scansione: 2011-01-30 16:13:50
ComboFix-quarantined-files.txt 2011-01-30 15:13
Pre-Run: 40.781.225.984 byte disponibili
Post-Run: 40.857.026.560 byte disponibili
- - End Of File - - 10A6CA5E391D29307798ECE534C705B7