Aiutamici Forum

Windows startup - cmd.exe
commodore77
Posted: Tuesday, September 24, 2013 6:57:32 PM
Rank: Newbie

Member since: 9/24/2013
Posts: 4
Hello,

I've taken on a PC to sort out a number of problems, one of which is driving me crazy.
At startup the PC did not load explorer.exe but cmd.

First I worked around the problem by adding the launch of explorer.exe to the scheduled tasks, then I did a series of things (checked winlogon in regedit, msconfig, scans with antispyware, ccleaner, avg) which nonetheless don't fix the root of the problem, namely that at every startup the infamous cmd launches (and does not go away).

Attaching a HijackThis scan. Can anyone help me? Thanks!



---


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:35:09, on 24/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{62CBAF50-40B5-4931-A205-11DCFCF032D8}: NameServer = 83.224.70.78 83.224.70.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{90BD1172-FDEE-40A5-8C3C-FAAF3A6604C4}: NameServer = 83.224.70.78 83.224.70.62
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7896 bytes
r16
Posted: Tuesday, September 24, 2013 7:02:53 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi.
Try "fixing" this entry:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320

Then restart the PC
commodore77
Posted: Tuesday, September 24, 2013 7:07:13 PM
Rank: Newbie

Member since: 9/24/2013
Posts: 4
unfortunately nothing changes :(
r16
Posted: Tuesday, September 24, 2013 7:11:35 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Let's try OTL: (for now this scan does not delete anything)
Download OTL and save it to the desktop:


http://oldtimer.geekstogo.com/OTL.exe

Click the OTL icon on your desktop.

Tick SCAN ALL USERS.

Under output, tick: minimal output

Click the little arrow next to File Age and select 60 Days

Tick LOP Check and Purity Check.

Click RUN SCAN

Let the scan run without interfering.

When the scan finishes you'll find 2 logs on the desktop, OTL.txt and Extras.txt; save them and upload them to Wikisend to post them on the forum.

To post the log:

Connect to the internet and go to the WikiSend page: http://www.wikisend.com/
Click the "Browse" button
Select the file you just saved
Click Upload file
After a few seconds you're taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message for the forum.
commodore77
Posted: Tuesday, September 24, 2013 7:38:22 PM
Rank: Newbie

Member since: 9/24/2013
Posts: 4
r16
Posted: Tuesday, September 24, 2013 7:46:49 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
I'll have to get back to you later.
I read the log very quickly.
One of the possible causes (but I need to read the log thoroughly) may be a botched uninstall of SpyHunter.
Also, to find out who launches that cmd.exe, you could look in the event log.
http://windows.microsoft.com/it-it/windows-vista/open-event-viewer
commodore77
Posted: Tuesday, September 24, 2013 7:56:30 PM
Rank: Newbie

Member since: 9/24/2013
Posts: 4
in the event viewer I can't find anything that links back to the cmd startup.

no worries, look at it whenever you have time.
thanks for the help!!
r16
Posted: Tuesday, September 24, 2013 8:59:27 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Here I am.

The PC is heavily infected.

To be safe, create a restore point.

Start OTL.

Under "Custom Scans\Fixes" copy and paste this code:

Code:
:OTL
DRV:[b]64bit:[/b] - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2848610895-3806501932-2432548836-1000 Winlogon: Shell - (cmd.exe) - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
[2013/09/23 14:17:44 | 000,230,400 | ---- | M] () -- C:\ProgramData\wsTyde1CVJ
[2013/09/23 14:17:44 | 000,230,400 | ---- | M] () -- C:\Users\Asus\AppData\Local\VnbGE3AL
[2013/09/23 14:17:44 | 000,230,400 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\0syrg8apk
[2013/09/23 14:12:54 | 000,230,400 | ---- | M] () -- C:\ProgramData\ZKOYAspz
[2013/09/23 14:12:54 | 000,230,400 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\W99TU0p2B
[2013/09/23 14:12:54 | 000,230,400 | ---- | M] () -- C:\Users\Asus\AppData\Local\dpo9qGUHXl
[2013/09/23 09:10:49 | 000,230,400 | ---- | M] () -- C:\Users\Asus\AppData\Local\rtjUj0P9
[2013/09/23 09:10:49 | 000,230,400 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\hZMALfJ6Dph
[2013/09/23 09:10:49 | 000,230,400 | ---- | M] () -- C:\ProgramData\84dHJD1I
[2013/09/23 09:07:05 | 000,230,912 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\l8yzaictPf7
[2013/09/23 09:07:05 | 000,230,912 | ---- | M] () -- C:\Users\Asus\AppData\Local\hT1g0RdRF
[2013/09/23 09:07:05 | 000,230,912 | ---- | M] () -- C:\ProgramData\eHii6jzu
[2013/09/23 09:03:05 | 000,230,400 | ---- | M] () -- C:\ProgramData\pr2ZSgWE6s
[2013/09/23 09:03:05 | 000,230,400 | ---- | M] () -- C:\Users\Asus\AppData\Local\oFkYVNDUY
[2013/09/23 09:03:05 | 000,230,400 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\gF3ZIvthZYp
[2013/09/23 17:01:22 | 000,230,400 | ---- | C] () -- C:\Users\Asus\AppData\Local\gne0MSHE3
[2013/09/23 17:01:22 | 000,230,400 | ---- | C] () -- C:\ProgramData\dJbCvabIVL
[2013/09/23 17:01:22 | 000,230,400 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\cWs7zj1r
[2013/09/23 16:56:38 | 000,230,400 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\nTissfAE
[2013/09/23 16:56:38 | 000,230,400 | ---- | C] () -- C:\ProgramData\Jlzlx6cMIx
[2013/09/23 16:56:38 | 000,230,400 | ---- | C] () -- C:\Users\Asus\AppData\Local\Je48sE1K
[2013/09/23 16:53:36 | 000,230,400 | ---- | C] () -- C:\Users\Asus\AppData\Local\SeGpQM5kJ
[2013/09/23 16:53:36 | 000,230,400 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\sBTjAY7eF
[2013/09/23 16:53:36 | 000,230,400 | ---- | C] () -- C:\ProgramData\DUdXi8eHe
[2013/09/23 14:17:54 | 000,230,400 | ---- | C] () -- C:\ProgramData\wsTyde1CVJ
[2013/09/23 14:17:54 | 000,230,400 | ---- | C] () -- C:\Users\Asus\AppData\Local\VnbGE3AL
[2013/09/23 14:17:54 | 000,230,400 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\0syrg8apk
[2013/09/23 14:13:05 | 000,230,400 | ---- | C] () -- C:\Users\Asus\AppData\Local\dpo9qGUHXl
[2013/09/23 14:13:04 | 000,230,400 | ---- | C] () -- C:\ProgramData\ZKOYAspz
[2013/09/23 14:13:04 | 000,230,400 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\W99TU0p2B
[2013/09/23 09:10:59 | 000,230,400 | ---- | C] () -- C:\Users\Asus\AppData\Local\rtjUj0P9
[2013/09/23 09:10:59 | 000,230,400 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\hZMALfJ6Dph
[2013/09/23 09:10:59 | 000,230,400 | ---- | C] () -- C:\ProgramData\84dHJD1I
[2013/09/23 09:07:15 | 000,230,912 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\l8yzaictPf7
[2013/09/23 09:07:15 | 000,230,912 | ---- | C] () -- C:\Users\Asus\AppData\Local\hT1g0RdRF
[2013/09/23 09:07:15 | 000,230,912 | ---- | C] () -- C:\ProgramData\eHii6jzu
[2013/09/23 09:03:19 | 000,230,400 | ---- | C] () -- C:\ProgramData\pr2ZSgWE6s
[2013/09/23 09:03:19 | 000,230,400 | ---- | C] () -- C:\Users\Asus\AppData\Local\oFkYVNDUY
[2013/09/23 09:03:19 | 000,230,400 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\gF3ZIvthZYp
[2013/03/02 16:57:37 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\OpenCandy

:Files
C:\Program Files\Enigma Software Group\SpyHunter
C:\Program Files\Enigma Software Group
C:\Program Files\Microsoft Security Client
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot]


Click the RUN FIX button.
Let the scan run without interfering.

Do a cleanup with CCleaner (registry included)

Run another OTL scan (like the first one).
Post the log (it will produce only one, OTL.txt).
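The entry that actually explains the symptom in this thread is the O20 line in the fix above: the per-user Winlogon "Shell" value (HKU\<SID>\...\Winlogon) had been pointed at cmd.exe, so Windows started a command prompt instead of explorer.exe for that account. The following audit script is an added example, not code from the thread, from OTL or from HijackThis. It reads the machine-wide Winlogon key in HKLM and the same key in every loaded user hive under HKEY_USERS and reports any Shell value that does not resolve to explorer.exe; it also checks Userinit against userinit.exe, which goes beyond this thread's case but is the other Winlogon value hijacked the same way. The function names (Get-ExeName, Test-WinlogonValue, Test-Key) are my own; it assumes PowerShell 3.0 or later, run elevated from a 64-bit console so the 64-bit registry view is read.

```powershell
# Added audit example (not from the thread, OTL or HijackThis).
# Compares the Winlogon Shell/Userinit values in HKLM and in every loaded
# user hive against the executables Windows normally uses there.
# Assumes PowerShell 3.0+, run elevated from a 64-bit console.

$winlogonSubKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$findings = New-Object System.Collections.Generic.List[object]

# Bare executable name of the first token of a command string.
# A quoted path containing spaces is split at the first space and will be
# flagged; that errs on the side of reporting, which is what we want here.
function Get-ExeName {
    param([string]$Command)
    $first = $Command.Trim().Trim('"').Split(' ')[0]
    return [System.IO.Path]::GetFileName($first)
}

function Test-WinlogonValue {
    param(
        [string]$Hive,      # label for the report only
        [string]$Name,      # 'Shell' or 'Userinit'
        [string]$Value,     # registry data, may be empty when not set
        [string]$Expected   # the only executable that should appear
    )
    if ([string]::IsNullOrWhiteSpace($Value)) { return $null }   # not set: default applies
    # Userinit is a comma-separated list; Shell is normally a single entry.
    # Every non-empty entry must resolve to the expected executable.
    $bad = $Value.Split(',') | Where-Object { $_.Trim() -ne '' } |
           Where-Object { (Get-ExeName $_) -ine $Expected }
    if ($bad) {
        return [pscustomobject]@{ Hive = $Hive; Value = $Name; Data = $Value; Status = 'SUSPICIOUS' }
    }
    return $null
}

function Test-Key {
    param([string]$Hive, [string]$Path)
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if (-not $props) { return }   # hive has no Winlogon key: nothing to override
    $r = Test-WinlogonValue -Hive $Hive -Name 'Shell'    -Value $props.Shell    -Expected 'explorer.exe'
    if ($r) { $findings.Add($r) }
    $r = Test-WinlogonValue -Hive $Hive -Name 'Userinit' -Value $props.Userinit -Expected 'userinit.exe'
    if ($r) { $findings.Add($r) }
}

# 1. Machine-wide defaults
Test-Key -Hive 'HKLM' -Path "HKLM:\$winlogonSubKey"

# 2. Every loaded user hive (HKEY_USERS is not exposed as a drive by default)
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
Get-ChildItem -Path 'HKU:\' |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { Test-Key -Hive "HKU\$($_.PSChildName)" -Path "HKU:\$($_.PSChildName)\$winlogonSubKey" }

if ($findings.Count -eq 0) {
    'No overridden Winlogon Shell/Userinit values found.'
} else {
    $findings | Format-Table -AutoSize
}
```

On the machine in this thread the script would list the HKU\S-1-5-21-...-1000 hive with Shell data C:\Windows\SysWow64\cmd.exe, which is exactly what the OTL fix removes. A per-user Shell override has no legitimate reason to exist on a normal workstation; deleting the value (Remove-ItemProperty on that key) after taking the restore point r16 asks for makes Windows fall back to the HKLM default, explorer.exe. Only user hives that are currently loaded appear under HKEY_USERS, so run the check while the affected account is logged on or load its NTUSER.DAT first.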