Sorpresa!
Ho acceso il PC e al posto dello sfondo, sul desktop mi appare una bella pagina nera con un testo in inglese che mi dice di aver rintracciato spyware ed altre maliciuos task sul mio PC e mi dice di cliccare sul link per scansionare il PC (la pagina non riporta alcun logo che mi faccia pensare a un produttore di SW). Essendo disconnesso da Internet ho comunque cliccato sul link per vedere a cosa cercava di collegarsi; si tratta di una pagina di www.antispyware.com.
Inoltre, nella barra delle appicazioni si è attivata un icona triangolare gialla con punto esclamativo nero che è legata alla schermata nera di cui sopra e rimanda allo stesso link. Ho provato a scansionare il pc con:
MCAFEE antivirus
AVG antivirus
AD AWARE
Micorsoft Antispyware beta version.
Nessun risultato.
Ho rimosso la schermata nera che era posizionata in: \\Windows\web\desktop.html ma lo sfondo non è possibile riattivarlo. lo il desktop risulta bianco.

Boh, mi sono perso...potete suggerirmi qualche azione efficace o qualche prodotto che sia aggiornato per l'eliminazione di questo problema?
Grazie
Michele
Grazie.

ciao,scusami,nn ti so aiutare...Nn sn 1esperto,alfonso presto ti rispondera.solo 1cosa...Ma hai due antivirus??Mcafee e avg installati! Nn si contrastano?Cmq proverei a scansionare cn stinger e pest patrol,cmq ascolta i piu esperti.Ciao

Alfonso,
ho eseguito AD-AWARE un paio di volte e tutto ok. Spybot invece mi continua a segnalare questi tre inserimenti:
DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\S-1-5-21-1331985754-1505631115-3244229659-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

Dice di averli eliminati, ma all'esecuzione seguente si ripresentano puntualmente (ho provato circa 15 volte)

Ti allego comunque il log Hijackthis, grazie.
Logfile of HijackThis v1.99.0
Scan saved at 0.15.17, on 17/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [UStorage] c:\programmi\u-storage tools2.1\ustorage.exe sys_auto_run C:\Programmi\U-Storage Tools2.1
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpyCop ScanCheck] C:\Programmi\Internet Explorer\setup.exe /LASTSCAN
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msjava critical update] c:\windows\jjfixer.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O23 - Service: Aluria Security Center Spyware Eliminator Service - Unknown - C:\Programmi\Aluria.exe (file missing)
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AMD PowerNow! (tm) Technology Service - Advanced Micro Devices - C:\Program Files\AMD\PowerNow!\GemServ.exe
O23 - Service: InCD Helper - AHEAD Software - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

ok, ho allegato il log fatto in modalità normale. Ne approfitto per segnalarti un'altro problema meno grave causato dall'intrusione. Il desktop risulta completamente bianco; in realta penso sia una pagina html sovrapposta all'immagine dello sfondo. Se col tasto destro del mouse vado su proprietà trovo il seguente percorso: file://C:\WINDOWS\Web\desktop.html. Il problema è che seguendo questo percorso non ho trovato desktop.html. C'è un modo per riavere il mio sfondo?

Ecco il log:
Logfile of HijackThis v1.99.0
Scan saved at 22.05.06, on 17/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AMD\PowerNow!\GemServ.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Program Files\AMD\PowerNow!\gemback.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\programmi\u-storage tools2.1\ustorage.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wuauclt.exe
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [UStorage] c:\programmi\u-storage tools2.1\ustorage.exe sys_auto_run C:\Programmi\U-Storage Tools2.1
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpyCop ScanCheck] C:\Programmi\Internet Explorer\setup.exe /LASTSCAN
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msjava critical update] c:\windows\jjfixer.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O23 - Service: Aluria Security Center Spyware Eliminator Service - Unknown - C:\Programmi\Aluria.exe (file missing)
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AMD PowerNow! (tm) Technology Service - Advanced Micro Devices - C:\Program Files\AMD\PowerNow!\GemServ.exe
O23 - Service: InCD Helper - AHEAD Software - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe