Spyware che cambia la home

[rocco.g]

ciao,
ieri mi sono imbattutto in uno spyware piuttosto rompiscatole.
Di solito gli spyware li rimuovo con ad-aware, e la cosa sembra funziona bene, perchè li rimuove proprio tutti. Questa volta invece, non solo non è riuscito a rimuovere lo spyware, ma lo spyware in questione è riuscito a modificarmi la home page, ed il bello è che andando a opzioni internet per rimetterla a posto, ho notato che non si può più fare perchè i pulsanti che permettono di cambiarla sono in grigetto, cioè sono disattivati. Nno avevo mai visto uno spyware che ti disattiva i pulsanti...
credo che per rimuoverlo bisogna agire sul registro, ma non conosco la chiave da modificare... mi proponete un prog o un metodo per risolvere la situazione...?

[enterpris]

Prova anche a fare uno scan Spybot e vedi che ti dice; se va male posta il solito log di Hijackthis.

[antares11]

Originariamente inviato da rocco.g
ciao,
..............................
Di solito gli spyware li rimuovo con ad-aware, e la cosa sembra funziona bene, perchè li rimuove proprio tutti...................
mi proponete un prog o un metodo per risolvere la situazione...?

giustamente sembra ma non sempre è così anche se ad-aware è molto buono e affidabile
anche spybot s&d è buono e affidabile ma non adeguatamente supportato
è consigliabile cmq scansionare con entrambi

detto questo, ecco altri 2 tools che risolvono a turno parecchie situazioni: e fanno bene il loro lavoro o cmq danno info utili alla rimozione del malware
- Webroot Spy Sweeper
- Pest Patrol

[http://www.spywarewarrior.com/rogue_anti-spyware.htm] in basso
sarebbe opportuno che si prendesse la buona abitudine di almeno provare con la loro scansione free (online o meno) una-tantum

[rocco.g]

purtroppo la scansione on line non la posso fare dato che ho un 56k, ho fatto la scansione con spybot e mi ha trovato un mare di spyware assurdi che ad-aware non mi trovava...

vediamo che succede...

[rocco.g]

allora mi ha trovato 38 files infetti
cosa che ad-aware non faceva, tuttavia anche se ho eseguito le scansione due volte ed ho riavviato, il problema persiste, guardate voi stessi:

[rocco.g]

ah io uso ie6, è forse questo il problema ?

[enterpris]

Dopo aver fatto la scansione hai fatto la procedura di "pulizia" selezionando i files da eliminare?
Prova a postare il log di Spybot...

[rocco.g]

eccotelo...

codice:

--- Search result list ---

--- Spybot - Search && Destroy version: 1.3  ---
2004-05-12 Includes\Cookies.sbi
2004-05-12 Includes\Dialer.sbi
2004-05-12 Includes\Hijackers.sbi
2004-05-12 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-12 Includes\Malware.sbi
2004-05-12 Includes\Revision.sbi
2004-05-12 Includes\Security.sbi
2004-05-12 Includes\Spybots.sbi
2004-05-12 Includes\Tracks.uti
2004-05-12 Includes\Trojans.sbi


--- System information ---
Windows XP (Build: 2600) 
 / DataAccess: Microsoft Data Access Components KB870669
 / Windows XP / SP1: Windows XP Hotfix - KB823980
 / Windows XP / SP1 / Q307869: Windows XP Hotfix (SP1) [See Q307869 for more information]
 / Windows XP / SP1 / Q308210: Windows XP Hotfix (SP1) [See Q308210 for more information]
 / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311542 for more information]
 / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q312370 for more information]
 / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q320174 for more information]
 / Windows XP / SP2: Aggiornamento rapido per Windows XP - KB835732


--- Startup entries list ---
Located: HK_LM:Run, AHQInit
command: C:\Programmi\Creative\SBLive\Program\AHQInit.exe
   file: C:\Programmi\Creative\SBLive\Program\AHQInit.exe
   size: 102400
    MD5: a92a1e030d09d52ea0eb11bde231a34e

Located: HK_LM:Run, ccApp
command: "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
   file: C:\Programmi\File comuni\Symantec Shared\ccApp.exe
   size: 54296
    MD5: ace91f1db4e08fa62c758adf2390c07e

Located: HK_LM:Run, ccRegVfy
command: "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
   file: C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe
   size: 58392
    MD5: 8ab27947c7c2b3388f15ce7c3d595050

Located: HK_LM:Run, DU Meter
command: C:\DU Meter\DUMeter.exe
   file: C:\DU Meter\DUMeter.exe
   size: 1297920
    MD5: c1768b8cc9057cc9ab9fb889bc143b8f

Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
   file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
   size: 188416
    MD5: 2cec0358aeaf3d34e7faee85ed55e9eb

Located: HK_LM:Run, InCD
command: C:\Programmi\Ahead\InCD\InCD.exe
   file: C:\Programmi\Ahead\InCD\InCD.exe
   size: 1101824
    MD5: 10123e660a81f92c7827d2474299f20a

Located: HK_LM:Run, LWBMOUSE
command: C:\Programmi\Tech\Wheel Mouse\5.2\MOUSE32A.EXE
   file: C:\Programmi\Tech\Wheel Mouse\5.2\MOUSE32A.EXE
   size: 357376
    MD5: 13be264551e9ae48906c16fbe870edb3

Located: HK_LM:Run, MessengerPlus3
command: "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
   file: C:\Programmi\Messenger Plus! 3\MsgPlus.exe
   size: 163840
    MD5: f0b53e5530de449de5f650ce5907fe89

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\system32\NeroCheck.exe
   file: C:\WINDOWS\system32\NeroCheck.exe
   size: 155648
    MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
   file: C:\WINDOWS\system32\RUNDLL32.EXE
   size: 31744
    MD5: cc334a046437eaba500e4fb2b5f2dc4a

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
   file: C:\WINDOWS\system32\RUNDLL32.EXE
   size: 31744
    MD5: cc334a046437eaba500e4fb2b5f2dc4a

Located: HK_LM:Run, TkBellExe
command: C:\Programmi\File comuni\Real\Update_OB\evntsvc.exe -osboot

Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\Updreg.exe
   file: C:\WINDOWS\Updreg.exe
   size: 90112
    MD5: c419df63e0121d72411285780c2fc6cc

Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\System32\ctfmon.exe
   file: C:\WINDOWS\System32\ctfmon.exe
   size: 13312
    MD5: 9e907ffd27e55a7c8b85843ed22767a7

Located: HK_CU:Run, MessengerPlus3
command: "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
   file: C:\Programmi\Messenger Plus! 3\MsgPlus.exe
   size: 163840
    MD5: f0b53e5530de449de5f650ce5907fe89

Located: HK_CU:Run, msnmsgr
command: "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
   file: C:\Programmi\MSN Messenger\msnmsgr.exe
   size: 4882432
    MD5: f914c780dc4a3eb6eec812f0dddc0e3a

Located: HK_CU:Run, SpySweeper
command: "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
   file: C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
   size: 3209728
    MD5: 80dc5c8345a282edf5165b793eeafd93

Located: Esecuzione automatica (comune), Adobe Gamma Loader.lnk
command: C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
   file: C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
   size: 113664
    MD5: c2ff17734176cd15221c10044ef0ba1a



--- Browser helper object list ---
{00C6482D-C502-44C8-8409-FCE54AD9C208} (HelperObject Class)
          BHO name: 
        CLSID name: HelperObject Class
       description: SnagIt
    classification: Legitimate
    known filename: SnagItBHO.dll
         info link: http://www.techsmith.com/products/snagit/default.asp
       info source: TonyKlein
              Path: C:\Programmi\TechSmith\SnagIt 7\
         Long name:      SnagItBHO.dll
        Short name:       SNAGIT~3.DLL
    Date (created): 30/05/2004 14:35:48
Date (last access): 01/09/2004 13:28:40
 Date (last write): 26/01/2004 7:03:00
          Filesize:              49152
        Attributes:           archive 
               MD5: 976B90AA69BB1C5015F6412D7D0BFA2B
             CRC32:           C8A5D218
           Version:            0.1.0.0

{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} (myBar BHO)
          BHO name: myBar BHO
        CLSID name: myBar BHO
       description: MyWay.MyBar
    classification: Confirmed as malware
    known filename: Mybar.dll
         info link: http://bfc.myway.com/soft/promo/id/myspeedbar.html
       info source: TonyKlein
              Path: C:\Programmi\MyWay\myBar\1.bin\
         Long name:          MYBAR.DLL
        Short name:                   
    Date (created): 30/05/2004 16:12:18
Date (last access): 01/09/2004 13:28:40
 Date (last write): 30/05/2004 16:12:18
          Filesize:             221184
        Attributes:           archive 
               MD5: DF2E72893275F6F2E3C9AD855EF14914
             CRC32:           114D158A
           Version:            0.1.0.0

{53707962-6F74-2D53-2644-206D7942484F} ()
          BHO name: 
        CLSID name: 
       description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDHelper.dll
         info link: http://spybot.eon.net.au/
       info source: Patrick M. Kolla
              Path: C:\PROGRA~1\SPYBOT~1\
         Long name:       SDHelper.dll
        Short name:                   
    Date (created): 12/05/2004 1:03:00
Date (last access): 01/09/2004 13:20:38
 Date (last write): 12/05/2004 1:03:00
          Filesize:             744960
        Attributes:           archive 
               MD5: ABF5BA518C6A5ED104496FF42D19AD88
             CRC32:           5587736E
           Version:            0.1.0.3

{BDF3E430-B101-42AD-A544-FADC6B084872} (NAV Helper)
          BHO name: NAV Helper
        CLSID name: CNavExtBho Class
       description: Norton Antivirus
    classification: Legitimate
    known filename: NavShExt.dll
         info link: http://www.symantec.com/nav/nav_9xnt/
       info source: TonyKlein
              Path: C:\Programmi\Norton AntiVirus\
         Long name:       NAVSHEXT.DLL
        Short name:                   
    Date (created): 30/05/2004 13:17:42
Date (last access): 01/09/2004 13:28:40
 Date (last write): 15/11/2002 0:09:06
          Filesize:             112248
        Attributes:           archive 
               MD5: 988409CE6ED638AAFDBECFB6EC863F4F
             CRC32:           04DD2C8F
           Version:            0.9.0.5



--- ActiveX list ---
{4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class)
          DPF name: 
        CLSID name: EPUImageControl Class
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name:  EPUWALcontrol.dll
        Short name:       EPUWAL~1.DLL
    Date (created): 13/08/2004 18:10:50
Date (last access): 01/09/2004 12:11:46
 Date (last write): 13/08/2004 18:10:50
          Filesize:             894544
        Attributes:           archive 
               MD5: 540A29546F451463084FB90486271620
             CRC32:           8A4BE0F3
           Version:            0.1.0.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02)
          DPF name: Java Runtime Environment 1.4.1_02
        CLSID name: Java Plug-in 1.4.1_02
       description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
         info link: 
       info source: Patrick M. Kolla
              Path: C:\Programmi\Java\j2re1.4.1_02\bin\
         Long name:    NPJPI141_02.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 30/05/2004 14:14:42
Date (last access): 31/08/2004 15:51:50
 Date (last write): 20/02/2003 16:42:34
          Filesize:              61553
        Attributes:           archive 
               MD5: E4EFF4ADF1367AA79815A9061E64C0D9
             CRC32:           A0446F8E
           Version:            0.1.0.4

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
          DPF name: 
        CLSID name: MessengerStatsClient Class
              Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
         Long name: messengerstatsclient.dll
        Short name:       MESSEN~1.DLL
    Date (created): 29/05/2003 15:00:20
Date (last access): 14/06/2004 0:24:58
 Date (last write): 29/05/2003 15:00:20
          Filesize:             160864
        Attributes:           archive 
               MD5: B069B555A00AA026F657AA4FD13AE154
             CRC32:           89BB01E1
           Version:            0.7.0.1

{9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class)
          DPF name: 
        CLSID name: Update Class
       description: Windows Update
    classification: Legitimate
    known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
         info link: 
       info source: Patrick M. Kolla
              Path: C:\WINDOWS\System32\
         Long name:          iuctl.dll
        Short name:                   
    Date (created): 25/08/2003 18:06:50
Date (last access): 03/08/2004 14:25:42
 Date (last write): 25/08/2003 18:06:50
          Filesize:             115808
        Attributes:           archive 
               MD5: 8757E24D6B002FD7E9EF3A6DF697BA57
             CRC32:           C4F85003
           Version:            0.5.0.4

{AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class)
          DPF name: 
        CLSID name: HeartbeatCtl Class
              Path: C:\WINDOWS\DOWNLO~1\CONFLICT.1\
         Long name:        hrtbeat.ocx
        Short name:                   
    Date (created): 18/09/2001 18:37:48
Date (last access): 27/06/2004 14:44:48
 Date (last write): 18/09/2001 18:37:48
          Filesize:             101451
        Attributes:           archive 
               MD5: 06DDD56BB43CB6FDA26C9D65396EDA78
             CRC32:           8BFE3040
           Version:            0.6.0.2

{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02)
          DPF name: Java Runtime Environment 1.4.1_02
        CLSID name: Java Plug-in 1.4.1_02
              Path: C:\Programmi\Java\j2re1.4.1_02\bin\
         Long name:    NPJPI141_02.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 30/05/2004 14:14:42
Date (last access): 01/09/2004 13:35:14
 Date (last write): 20/02/2003 16:42:34
          Filesize:              61553
        Attributes:           archive 
               MD5: E4EFF4ADF1367AA79815A9061E64C0D9
             CRC32:           A0446F8E
           Version:            0.1.0.4

[rocco.g]

continua ancora...

codice:

--- Process list ---
Spybot - Search && Destroy process list report, 01/09/2004 13:35:12

PID:    0 (   0) [System]
PID:    4 (   0) System
PID:  196 ( 700) C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
PID:  436 (   4) \SystemRoot\System32\smss.exe
PID:  500 ( 436) \??\C:\WINDOWS\system32\csrss.exe
PID:  524 ( 436) \??\C:\WINDOWS\system32\winlogon.exe
PID:  568 ( 524) C:\WINDOWS\system32\services.exe
PID:  572 ( 700) C:\Programmi\MSN Messenger\msnmsgr.exe
PID:  580 ( 524) C:\WINDOWS\system32\lsass.exe
PID:  700 ( 504) C:\WINDOWS\Explorer.EXE
PID:  856 ( 568) C:\WINDOWS\system32\svchost.exe
PID:  908 ( 568) C:\WINDOWS\System32\svchost.exe
PID: 1040 ( 568) C:\WINDOWS\System32\svchost.exe
PID: 1052 (1040) C:\WINDOWS\System32\devldr32.exe
PID: 1072 ( 568) C:\WINDOWS\System32\svchost.exe
PID: 1088 (3576) C:\Programmi\Internet Explorer\iexplore.exe
PID: 1160 ( 568) C:\WINDOWS\system32\spoolsv.exe
PID: 1192 ( 568) C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
PID: 1328 ( 568) C:\WINDOWS\System32\CTsvcCDA.EXE
PID: 1360 ( 568) C:\WINDOWS\System32\inetsrv\inetinfo.exe
PID: 1376 ( 568) C:\Programmi\Norton AntiVirus\AdvTools\NPROTECT.EXE
PID: 1388 ( 568) C:\WINDOWS\System32\nvsvc32.exe
PID: 1424 ( 700) C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
PID: 1460 ( 700) C:\Programmi\Tech\Wheel Mouse\5.2\MOUSE32A.EXE
PID: 1464 ( 568) C:\WINDOWS\System32\svchost.exe
PID: 1492 ( 700) C:\DU Meter\DUMeter.exe
PID: 1528 ( 700) C:\Programmi\File comuni\Symantec Shared\ccApp.exe
PID: 1576 ( 568) C:\WINDOWS\System32\MsPMSPSv.exe
PID: 1716 ( 700) C:\Programmi\Messenger Plus! 3\MsgPlus.exe
PID: 1768 ( 700) C:\Programmi\File comuni\Real\Update_OB\evntsvc.exe
PID: 1796 ( 700) C:\Programmi\Ahead\InCD\InCD.exe
PID: 1812 ( 700) C:\WINDOWS\System32\ctfmon.exe
PID: 2684 (2548) C:\PROGRA~1\DAP\DAP.EXE
PID: 3432 (3292) C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
PID: 3496 ( 856) C:\Programmi\Messenger\msmsgs.exe
PID: 3576 (1460) C:\Programmi\Outlook Express\msimn.exe
PID: 3856 ( 700) C:\Programmi\Real\RealOne Player\realplay.exe


--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 01/09/2004 13:35:12

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
  http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  http://www.whatsfind.com/page.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  %SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
  http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
  http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
  http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
  http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol  0: MSAFD Tcpip [TCP/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  1: MSAFD Tcpip [UDP/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  2: MSAFD Tcpip [RAW/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  3: RSVP UDP Service Provider
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  4: RSVP TCP Service Provider
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ACDE57B7-D51C-40F7-927A-8D8118B6BCBB}] SEQPACKET 5
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol  6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ACDE57B7-D51C-40F7-927A-8D8118B6BCBB}] DATAGRAM 5
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol  7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{526BEB71-F426-42B8-A90B-0A4AC540BE61}] SEQPACKET 0
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol  8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{526BEB71-F426-42B8-A90B-0A4AC540BE61}] DATAGRAM 0
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol  9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{98DE0F51-C418-45AC-980F-8919342922D1}] SEQPACKET 1
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{98DE0F51-C418-45AC-980F-8919342922D1}] DATAGRAM 1
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2718BFF6-5864-4437-9A89-CC3E08A60344}] SEQPACKET 2
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2718BFF6-5864-4437-9A89-CC3E08A60344}] DATAGRAM 2
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{24EB73C1-459B-49AE-AB25-84072D9E0E1F}] SEQPACKET 3
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{24EB73C1-459B-49AE-AB25-84072D9E0E1F}] DATAGRAM 3
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{35C9DCE2-3E7F-4625-ABA4-6951182EFF4A}] SEQPACKET 4
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{35C9DCE2-3E7F-4625-ABA4-6951182EFF4A}] DATAGRAM 4
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Namespace Provider  0: Tcpip
        GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: TCP/IP

Namespace Provider  1: NTDS
        GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
 Description: Microsoft Windows NT/2k/XP name space provider
 DB filename: %SystemRoot%\system32\winrnr.dll
 DB protocol: NTDS

Namespace Provider  2: Spazio dei nomi NLA (Network Location Awareness)
        GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP name space provider
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: NLA-Namespace

[rocco.g]

ho provato 5 programmi anti-spyware senza alcun risultato, poi mi è venuto in mente di scaricare l'ultima versione di ad-aware personal edition, ho fatto la scansione e mi ha ripulito tutto completamente!

ho risolto tutto, meno male