Isass.exe come rimuoverlo!

[Hamleto]

Ciao ragazzi,con mia sorpreso ho visto che il famoso isass.exe è ancora nel mio PC anche se nn dà problemi di riavii,come posso rimuoverlo dal pc?
Grazie mille

[andorra24]

Fai una scansione con il tuo antivirus in modalita' provvisoria e con il ripristino disattivato. Eventualmente dai anche una passata con stinger: http://download.nai.com/products/mca..._i_n_g_e_r.exe

[BravoGT83]

comincia a postare il log di hijackthis se non sia cos'è il rilievo ce il 3d ufficiale...

[BravoGT83]

http://www.ilsoftware.it/av.asp?ID=46

prova questo metodo

[Hamleto]

Quote:

Originariamente inviato da BravoGT83

comincia a postare il log di hijackthis se non sia cos'è il rilievo ce il 3d ufficiale...

Logfile of HijackThis v1.99.1
Scan saved at 19.33.24, on 25/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\jlwncct.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\ISTsvc\istsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Sony Ericsson\Mobile\audevicemgr.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gianluca\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet6_90.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Microsoft Windows Updater] windates.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [3m3ef9oE] C:\WINDOWS\jlwncct.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Á³#*K"h'þ9Óœ÷3rÅWC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\jlwncct.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Á³#*s"h'þ9ÓœÏ3rÅ(WC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\jlwncct.exe
O4 - HKLM\..\Run: [Á³#*s"h'þ9ÓœÏNb‰»9C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\jlwncct.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] windates.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Windows Updater] windates.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor conn. telefonica.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\windows\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{253EB480-2C24-4E38-A5A8-7A278E9F5889}: NameServer = 85.37.17.15 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{253EB480-2C24-4E38-A5A8-7A278E9F5889}: NameServer = 85.37.17.15 151.99.125.1
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

[andorra24]

Fixa:
C:\WINDOWS\jlwncct.exe
C:\Programmi\ISTsvc\istsvc.exe
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet6_90.dll
O4 - HKLM\..\Run: [Microsoft Windows Updater] windates.exe
O4 - HKLM\..\Run: [3m3ef9oE] C:\WINDOWS\jlwncct.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Á³#*K"h'þ9Óœ÷3rÅWC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\jlwncct.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Á³#*s"h'þ9ÓœÏ3rÅ(WC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\jlwncct.exe
O4 - HKLM\..\Run: [Á³#*s"h'þ9ÓœÏNb‰»9C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\jlwncct.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] windates.exe
O4 - HKCU\..\Run: [Microsoft Windows Updater] windates.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

[BravoGT83]

C:\WINDOWS\jlwncct.exe
C:\Programmi\ISTsvc\istsvc.exe
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet6_90.dll
O4 - HKLM\..\Run: [Microsoft Windows Updater] windates.exe
O4 - HKLM\..\Run: [3m3ef9oE] C:\WINDOWS\jlwncct.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Á³#*K"h'þ9Óœ÷3rÅWC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\jlwncct.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Á³#*s"h'þ9ÓœÏ3rÅ(WC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\jlwncct.exe
O4 - HKLM\..\Run: [Á³#*s"h'þ9ÓœÏNb‰»9C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\jlwncct.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] windates.exe
O4 - HKCU\..\Run: [Microsoft Windows Updater] windates.exe
O10 - Hijacked Internet access by New.Net

disabilita il ripristino di sistema e poi in modalità provvisoria fixa quei voci.
gli exe è meglio che cancelli manualmente

ma arrivi sempre prima

[andorra24]

Quote:

Originariamente inviato da BravoGT83

ma arrivi sempre prima

eh eh eh abbiamo postato lo stesso minuto

[BravoGT83]

Quote:

Originariamente inviato da andorra24

eh eh eh abbiamo postato lo stesso minuto

l'ho notato ma si vede che sul server le donne come sempre hanno la precedenza

[Pεrveяsivo]

Quote:

Originariamente inviato da Hamleto

Ciao ragazzi,con mia sorpreso ho visto che il famoso isass.exe è ancora nel mio PC anche se nn dà problemi di riavii,come posso rimuoverlo dal pc?
Grazie mille

Tralasciando tutto il resto, già indicato dagli altri ragazzi, non è che ti stai confondendo con Lsass (file di sistema da non cancellare)?