ho dei problemi ovvero,non trovo "RISORSE DEL COMPUTER" e siccome non sapevo come disattivarlo l'ho cercato su internet xk su aiutamici non lo trovavo, allora ho fixato senza disattivare il punto di ripristino perchè poi ho trovato "risorse del computer" ma non mi spuntava la scheda del ripristino xk non entro come amministratore e già questa cosa non la capisco ocme dovrei fare x entrare come amministratore?, poi dopo aver fixato, poi volevo cercare quei file infetti, e non vedo il "TROVA" ma cosa sta succedendo??? sono in ansia da morire HELPMEEEEE

si ma quando schiaccio su START non trovo la funzione TROVA come faccio a eliminare quei 2 file?

Ripeto: fai la scansione di Virit .
E dopo posta il log.
anche uno nuovo di HijackThis .

in vista: start-->tutti i programmi-->accessori-->utilità di sistema-->ripristino config....

oppure: start-->pannello di controllo-->sistema-->protezione sistema

ComboFix 08-08-08.07 - Marco 2008-08-09 14.01.45.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.388 [GMT 2:00]
Eseguito da: C:\Users\Marco\Documents\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2008-07-09 al 2008-08-09 )))))))))))))))))))))))))))))))))))
.

2008-08-08 20:22 . 2008-03-17 19:23 39,808 --a------ C:\Windows\System32\drivers\VIRAGTLT.SYS
2008-08-08 20:21 . 2008-08-09 12:24 <DIR> d-------- C:\VEXPLITE
2008-08-08 13:40 . 2008-08-08 13:40 <DIR> d-------- C:\PerfLogs
2008-08-08 12:40 . 2008-08-08 12:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-08 00:36 . 2008-08-08 00:36 <DIR> d-------- C:\Program Files\CCleaner
2008-08-02 21:46 . 2008-01-19 05:12 3,662,296 --a------ C:\Windows\System32\locale.nls
2008-08-02 21:45 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-08-02 21:44 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-08-02 21:43 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-08-02 21:42 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-08-02 21:40 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-08-02 21:39 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-08-02 21:39 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-08-02 21:36 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-08-02 21:36 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-08-02 21:33 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-08-02 21:33 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-08-02 21:33 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-08-02 21:33 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-08-01 09:03 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-08-01 09:03 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-08-01 09:03 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-08-01 09:03 . 2008-01-19 09:35 2,643,456 --a------ C:\Windows\System32\NlsData000c.dll
2008-08-01 09:03 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-16 12:48 . 2008-07-23 22:32 <DIR> d-------- C:\Users\Marco\mie sOnG!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 11:45 --------- d-----w C:\Users\Marco\AppData\Roaming\AVG7
2008-08-08 11:54 174 --sha-w C:\Program Files\desktop.ini
2008-08-08 11:44 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-08 11:44 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-08 11:44 --------- d-----w C:\Program Files\Windows Mail
2008-08-08 11:44 --------- d-----w C:\Program Files\Windows Journal
2008-08-08 11:44 --------- d-----w C:\Program Files\Windows Defender
2008-08-08 11:44 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-08 11:44 --------- d-----w C:\Program Files\Windows Calendar
2008-08-08 11:01 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-08-08 11:00 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-08-07 23:55 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-07 23:53 --------- d-----w C:\Program Files\Everest Poker.net
2008-08-07 23:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-06 17:31 --------- d-----w C:\Program Files\eMule
2008-08-02 19:46 4 --sha-w C:\Windows\Fonts\ARIAL.TCX
2008-08-02 00:47 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-18 19:46 --------- d-----w C:\Users\Marco\AppData\Roaming\DVD Flick
2008-07-11 12:13 --------- d-----w C:\Program Files\Windows Live
2008-07-11 12:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-11 12:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-11 12:11 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-07-06 07:54 --------- d-----w C:\Program Files\iFoxSoft
2008-06-29 22:52 --------- d-----w C:\ProgramData\Office Genuine Advantage
2008-06-24 23:27 --------- d-----w C:\Program Files\Nokia
2008-06-24 23:25 --------- d-----w C:\Program Files\Common Files\Nokia
2008-06-24 23:24 --------- d-----w C:\ProgramData\Installations
2008-06-24 23:11 --------- d-----w C:\Users\Marco\AppData\Roaming\Nokia
2008-06-24 23:08 --------- d-----w C:\Users\Marco\AppData\Roaming\Nokia Multimedia Player
2008-05-13 01:53 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-13 01:53 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-13 01:51 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 12:35 579584]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-08-08 20:24 245760]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-24 00:51 4435968 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-04-14 00:36 1822720 C:\Windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-10 11:05 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FreePOPs.lnk - C:\Program Files\FreePOPs\freepopsd.exe [2007-11-17 17:25:16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2008-01-10 11:00 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3461380361-3916217333-806040310-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{420F1B7A-5344-4D94-85A0-3E0531689767}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{A84FC36D-B7D8-451B-86DA-E7D924E88930}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{DF96124E-BB35-4018-A869-2A4CF01E3AAA}"= TCP:4672:Emule UDP
"{5AFA74E0-3DB6-48A6-BAC1-612D8FAD0EA8}"= UDP:4662:Emule TCP
"{9710076C-4179-458D-92D2-431A0458B644}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F9AA9B36-AC07-4A81-B883-3BA415984441}"= UDP:C:\Program Files\FreePOPs\freepopsd.exe:FreePOPs
"{E5DC226B-F7A2-4362-B1CE-497DA98591A9}"= TCP:C:\Program Files\FreePOPs\freepopsd.exe:FreePOPs
"{99217647-74B7-4060-9C04-055EAA493D86}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9570C4C0-B3C5-412F-ACD6-CF09B6F2AB49}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{40347A36-1F44-42EF-A910-0C67321880D5}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{20F24DC4-BECF-4F89-AD3A-EAFA4F516F4F}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{F6B9B592-BE78-4959-9A92-14A3E0626362}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"{20874C13-5A95-4E58-85A4-B8E8331CF5C4}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{3740886E-2BB9-4147-8BB1-316BB1FA083E}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

R0 videX32;videX32;C:\Windows\system32\DRIVERS\videX32.sys [2006-10-18 05:22]
R0 VIRAGTLT;VIRAGTLT;C:\Windows\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\Windows\system32\DRIVERS\xfilt.sys [2006-10-19 02:39]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-08-08 20:24]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-15 13:04]
S3 digitran;Microsoft Input Tablet;C:\Windows\system32\drivers\digitran.sys [2007-01-10 09:35]
S4 smscir;SMSCIR Infrared Receiver;C:\Windows\system32\drivers\smscir.sys [2007-01-09 07:00]
S4 vhiddigi;Microsoft HID Digitizer Driver;C:\Windows\system32\drivers\vhiddigi.sys [2007-01-10 09:35]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-08 C:\Windows\Tasks\User_Feed_Synchronization-{D7B70733-77C3-4D66-8CEB-0CB058008DFB}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.msn.it/
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 14:05:01
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-08-09 14:06:48
ComboFix-quarantined-files.txt 2008-08-09 12:06:09

Pre-Run: 196,078,538,752 byte disponibili
Post-Run: 196,049,551,360 byte disponibili

155 --- E O F --- 2008-08-09 01:01:56

quei 2 file non riesco a cercarli ...perchè sul mio WINDOWS VISTA no ntrovo la funzione "TROVA"...
ho provato a cercare i 2 file manualmente ma non trovo la cartella ProgramData
CMQ SI CON VIRIT L'HO FATTA...ma è risultato tutto a posto nessun file infetto...
cmq il pc va come se fosse nuovo..va da dio...però ora vgl capire se quei 2 file li ho eliminati definitavamente

per JKL: ti ho risposto nel post che hai messo in altra sezione in merito alla funzione "trova"....