Discussione: ragazzi help con isass.exe
View Single Post
Old 18-03-2006, 18:05   #1
trifranz1081
Member
 
L'Avatar di trifranz1081
 
Iscritto dal: Oct 2005
Messaggi: 44
ragazzi help con isass.exe
Salve,

ho da poco fatto il format sul mio pc ( che non è questo dal quale vi scrivo ) e alla prima connessione sono classicamente stato bombardato di virus, malware e chi piu ne ha piu ne metta nonostante abbia installato McAfee 8.0 (che tutt'ora non riesco ad aggiornare..)
Ora per fortuna sono riuscito a scaricare Ewido, Ad-aware e hijackthis ed un po la sit. è migliorata..
Rimane pero il problema del W32.Blaster.Worm che non riesco a debellare. Ho scaricato il removal tool della symantec ma non mi rileva nulla. Quando mi voglio collegare al sito della microsoft per scaricare gli aggiornamenti di protezione (quindi anche la protezione del blaster) la pagina non carica e mi dice "impossibile visualizzare la pagina...." mentre ad esempio google carica regolarmente.
Il problema maggiore comunque è quando mi si manifesta l'errore di Isass.exe ( che penso sia collegato al blaster ) dove il pc i va in crash e mi tocca resettare perche mi si blocca tutto..
Questa è la mia ultima scansione di hijack

Logfile of HijackThis v1.99.1
Scan saved at 18.26.32, on 18/03/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\WINNT\system32\hidserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\TELECO~1\Alice\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\programmi\mcafee.com\agent\mcagent.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\WINNT\System32\internat.exe
C:\Programmi\??stem32\??xplore.exe
C:\Programmi\VIA\RAID\raid_tool.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6F7E67D8-AD4F-A99B-1EE6-A4BFDD82DDC9} - C:\WINNT\System32\dgi.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [wlib32] rundll32.exe C:\WINNT\System32\wlib32.dll,start
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINNT\System32\algs.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys1.exe
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Wnar] "C:\Programmi\wsee\arhc.exe" -vt yazb
O4 - HKCU\..\Run: [Xqppxzeq] C:\Programmi\??stem32\??xplore.exe
O4 - HKCU\..\Run: [Windows Update Drive] disk.exe
O4 - Global Startup: raid_tool.exe.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NetBIOS Helper Service (NetBIOS Helper) - Unknown owner - C:\WINNT\System32\nbthlp.exe (file missing)
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\TELECO~1\Alice\app\pppoeservice.exe

Sapete darmi una mano?
Grazie.
trifranz1081 è offline