connessione che si blocca e siti Microsoft inagibili

[miklilac]

Ciao a tutti,
da un po' di tempo non riesco più ad accedere ai siti Microsoft e a quelli di scan-antivirus online

In più dopo un pò che sono connesso mi compare un errore che blocca la connessione e che andando a guardare nei registri di sistema riporta quanto segue:

svchost.exe_ProfSvc

Applicazione che ha generato l'errore svchost.exe_ProfSvc, versione 6.0.6001.18000, timestamp 0x47918b89, modulo che ha generato l'errore ntdll.dll, versione 6.0.6001.18000, timestamp 0x4791a7a6, codice eccezione 0xc0000005, offset errore 0x000659c3, ID processo 0x49c, data e ora di avvio dell'applicazione 0x01c9c5d6c3ddd20c.

Ho già fatto una scansione con System Scan..c'è qualcuno a cui posso postarla e che mi sa aiutare per procedere nelle risoluzione del problema???

Grazie

[Deifobe]

Originariamente inviato da miklilac
Ho già fatto una scansione con SystemScan..c'è qualcuno a cui posso postarla e che mi sa aiutare per procedere nelle risoluzione del problema???

carica il rapporto su http://www.megaupload.com/ e posta il link, grazie..

ciao

[miklilac]

ecco il link:
http://www.megaupload.com/?d=4SS5SKTH

Grazie

[Deifobe]

ciao
Esegui Avenger e nella finestra che si apre copia/incolla tutta la citazione:

files to delete:
C:\Users\Michele\AppData\Local\Temp\tmp15D7.tmp
C:\Users\Michele\AppData\Local\Temp\tmp8653.tmp
C:\Users\Michele\AppData\Local\Temp\tmp8652.xml
C:\Users\Michele\AppData\Local\Temp\tmp8652.tmp
C:\Users\Michele\AppData\Local\Temp\tmpB76E.tmp
C:\Users\Michele\AppData\Local\Temp\tmpAA81.tmp
C:\Users\Michele\AppData\Local\Temp\abm25AB.tmp
C:\Users\Michele\AppData\Local\Temp\abmC38A.tmp
C:\Users\Michele\AppData\Local\Temp\abmC358.tmp
C:\Users\Michele\AppData\Local\Temp\abm59B4.tmp
C:\Users\Michele\AppData\Local\Temp\tmpFBFB.tmp
C:\Users\Michele\AppData\Local\Temp\tmp3BE9.tmp
C:\Users\Michele\AppData\Local\Temp\tmp5936.tmp
C:\Windows\system32\0669E.tmp
C:\Windows\system32\06884.tmp
C:\Windows\system32\06602.tmp
C:\Windows\system32\06C1A.tmp
C:\Windows\system32\0695D.tmp
C:\Windows\system32\08564.tmp
C:\Windows\system32\06C2A.tmp
C:\Windows\system32\08E1B.tmp
C:\Windows\system32\06A0A.tmp
C:\Windows\system32\06C39.tmp
C:\Windows\system32\07167.tmp
C:\Windows\system32\09896.tmp
C:\Windows\system32\06CA6.tmp
C:\Windows\system32\06CD5.tmp
C:\Windows\system32\065B5.tmp
C:\Windows\system32\06D72.tmp
C:\Windows\system32\06B6F.tmp
C:\Windows\system32\06CB6.tmp
C:\Windows\system32\069D9.tmp
C:\Windows\system32\07177.tmp
C:\Windows\system32\06814.tmp
C:\Windows\system32\06D42.tmp
C:\Windows\system32\06844.tmp
C:\Windows\system32\06B4F.tmp
C:\Windows\system32\06883.tmp
C:\Windows\system32\0A40B.tmp
C:\Windows\system32\06A56.tmp
C:\Windows\system32\06798.tmp
C:\Windows\system32\06537.tmp
C:\Windows\system32\067D6.tmp
C:\Windows\system32\06862.tmp
C:\Windows\system32\06355.tmp
C:\Windows\system32\069FA.tmp
C:\Windows\system32\06805.tmp
C:\Windows\system32\068DF.tmp
C:\Windows\system32\068FE.tmp
C:\Windows\system32\063E0.tmp
C:\Windows\system32\06891.tmp
C:\Windows\system32\06CC6.tmp
C:\Windows\system32\068EF.tmp
C:\Windows\system32\0699A.tmp
C:\Windows\system32\06A09.tmp
C:\Windows\system32\06A08.tmp
C:\Windows\system32\0691E.tmp
C:\Windows\system32\06289.tmp
C:\Windows\system32\06882.tmp
C:\Windows\system32\0692D.tmp
C:\Windows\system32\0673A.tmp
C:\Windows\system32\067C6.tmp
C:\Windows\system32\067A7.tmp
C:\Windows\system32\069F9.tmp
C:\Windows\system32\066EC.tmp
C:\Windows\system32\06B30.tmp
C:\Windows\system32\06AC3.tmp
C:\Windows\system32\069F8.tmp
C:\Windows\system32\06CF4.tmp
C:\Windows\system32\0696D.tmp
C:\Windows\system32\065A4.tmp
C:\Windows\system32\06843.tmp
C:\Windows\system32\06A36.tmp
C:\Windows\system32\0694C.tmp
C:\Windows\system32\06576.tmp
C:\Windows\system32\065B4.tmp
C:\Windows\system32\06AA4.tmp
C:\Windows\system32\06680.tmp
C:\Windows\system32\06B6E.tmp
C:\Windows\system32\0696C.tmp
C:\Windows\system32\0695C.tmp
C:\Windows\system32\06C78.tmp
C:\Windows\system32\06F36.tmp
C:\Windows\system32\06354.tmp
C:\Windows\system32\065C4.tmp
C:\Windows\system32\06D71.tmp
C:\Windows\system32\06C68.tmp
C:\Windows\system32\0667F.tmp
C:\Windows\system32\033D6.tmp

registry keys to delete:
HKEY_LOCAL_MACHINE\system\controlset002\services\q nqtic
HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\qnqtic
HKEY_LOCAL_MACHINE\system\controlset002\enum\root\ legacy_qnqtic
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\r oot\legacy_qnqtic

Spunta "Automatically disable any rootkits found" e clicca su "execute".
Il pc dovrebbe riavviarsi da solo. Posta il report rilasciato in c:\avenger.txt


scarica questa Utility ed attiva solo:
Abilita servizio "Aggiornamenti AutomaticI" (Wuauserv & BITS)
Abilita servizio "Centro sicurezza PC" (Wscsvc)


vedi ora se riesci ad andare sui siti..

ciao

[miklilac]

Di sotto quanto in C:\Avenger
Grazie

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Sun May 31 15:07:29 2009

15:07:26: Warning: Skipping potentially dangerous line:
"HKEY_LOCAL_MACHINE\system\currentcontrolset\servi ces\qnqtic" (Registry key deletion mode)
15:07:29: Error: Execution aborted by user!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\Users\Michele\AppData\Local\Temp\tmp15D7.t mp" deleted successfully.
File "C:\Users\Michele\AppData\Local\Temp\tmp8653.t mp" deleted successfully.
File "C:\Users\Michele\AppData\Local\Temp\tmp8652.x ml" deleted successfully.
File "C:\Users\Michele\AppData\Local\Temp\tmp8652.t mp" deleted successfully.
File "C:\Users\Michele\AppData\Local\Temp\tmpB76E.t mp" deleted successfully.
File "C:\Users\Michele\AppData\Local\Temp\tmpAA81.t mp" deleted successfully.
File "C:\Users\Michele\AppData\Local\Temp\abm25AB.t mp" deleted successfully.
File "C:\Users\Michele\AppData\Local\Temp\abmC38A.t mp" deleted successfully.
File "C:\Users\Michele\AppData\Local\Temp\abmC358.t mp" deleted successfully.
File "C:\Users\Michele\AppData\Local\Temp\abm59B4.t mp" deleted successfully.
File "C:\Users\Michele\AppData\Local\Temp\tmpFBFB.t mp" deleted successfully.
File "C:\Users\Michele\AppData\Local\Temp\tmp3BE9.t mp" deleted successfully.
File "C:\Users\Michele\AppData\Local\Temp\tmp5936.t mp" deleted successfully.
File "C:\Windows\system32\0669E.tmp" deleted successfully.
File "C:\Windows\system32\06884.tmp" deleted successfully.
File "C:\Windows\system32\06602.tmp" deleted successfully.
File "C:\Windows\system32\06C1A.tmp" deleted successfully.
File "C:\Windows\system32\0695D.tmp" deleted successfully.
File "C:\Windows\system32\08564.tmp" deleted successfully.
File "C:\Windows\system32\06C2A.tmp" deleted successfully.
File "C:\Windows\system32\08E1B.tmp" deleted successfully.
File "C:\Windows\system32\06A0A.tmp" deleted successfully.
File "C:\Windows\system32\06C39.tmp" deleted successfully.
File "C:\Windows\system32\07167.tmp" deleted successfully.
File "C:\Windows\system32\09896.tmp" deleted successfully.
File "C:\Windows\system32\06CA6.tmp" deleted successfully.
File "C:\Windows\system32\06CD5.tmp" deleted successfully.
File "C:\Windows\system32\065B5.tmp" deleted successfully.
File "C:\Windows\system32\06D72.tmp" deleted successfully.
File "C:\Windows\system32\06B6F.tmp" deleted successfully.
File "C:\Windows\system32\06CB6.tmp" deleted successfully.
File "C:\Windows\system32\069D9.tmp" deleted successfully.
File "C:\Windows\system32\07177.tmp" deleted successfully.
File "C:\Windows\system32\06814.tmp" deleted successfully.
File "C:\Windows\system32\06D42.tmp" deleted successfully.
File "C:\Windows\system32\06844.tmp" deleted successfully.
File "C:\Windows\system32\06B4F.tmp" deleted successfully.
File "C:\Windows\system32\06883.tmp" deleted successfully.
File "C:\Windows\system32\0A40B.tmp" deleted successfully.
File "C:\Windows\system32\06A56.tmp" deleted successfully.
File "C:\Windows\system32\06798.tmp" deleted successfully.
File "C:\Windows\system32\06537.tmp" deleted successfully.
File "C:\Windows\system32\067D6.tmp" deleted successfully.
File "C:\Windows\system32\06862.tmp" deleted successfully.
File "C:\Windows\system32\06355.tmp" deleted successfully.
File "C:\Windows\system32\069FA.tmp" deleted successfully.
File "C:\Windows\system32\06805.tmp" deleted successfully.
File "C:\Windows\system32\068DF.tmp" deleted successfully.
File "C:\Windows\system32\068FE.tmp" deleted successfully.
File "C:\Windows\system32\063E0.tmp" deleted successfully.
File "C:\Windows\system32\06891.tmp" deleted successfully.
File "C:\Windows\system32\06CC6.tmp" deleted successfully.
File "C:\Windows\system32\068EF.tmp" deleted successfully.
File "C:\Windows\system32\0699A.tmp" deleted successfully.
File "C:\Windows\system32\06A09.tmp" deleted successfully.
File "C:\Windows\system32\06A08.tmp" deleted successfully.
File "C:\Windows\system32\0691E.tmp" deleted successfully.
File "C:\Windows\system32\06289.tmp" deleted successfully.
File "C:\Windows\system32\06882.tmp" deleted successfully.
File "C:\Windows\system32\0692D.tmp" deleted successfully.
File "C:\Windows\system32\0673A.tmp" deleted successfully.
File "C:\Windows\system32\067C6.tmp" deleted successfully.
File "C:\Windows\system32\067A7.tmp" deleted successfully.
File "C:\Windows\system32\069F9.tmp" deleted successfully.
File "C:\Windows\system32\066EC.tmp" deleted successfully.
File "C:\Windows\system32\06B30.tmp" deleted successfully.
File "C:\Windows\system32\06AC3.tmp" deleted successfully.
File "C:\Windows\system32\069F8.tmp" deleted successfully.
File "C:\Windows\system32\06CF4.tmp" deleted successfully.
File "C:\Windows\system32\0696D.tmp" deleted successfully.
File "C:\Windows\system32\065A4.tmp" deleted successfully.
File "C:\Windows\system32\06843.tmp" deleted successfully.
File "C:\Windows\system32\06A36.tmp" deleted successfully.
File "C:\Windows\system32\0694C.tmp" deleted successfully.
File "C:\Windows\system32\06576.tmp" deleted successfully.
File "C:\Windows\system32\065B4.tmp" deleted successfully.
File "C:\Windows\system32\06AA4.tmp" deleted successfully.
File "C:\Windows\system32\06680.tmp" deleted successfully.
File "C:\Windows\system32\06B6E.tmp" deleted successfully.
File "C:\Windows\system32\0696C.tmp" deleted successfully.
File "C:\Windows\system32\0695C.tmp" deleted successfully.
File "C:\Windows\system32\06C78.tmp" deleted successfully.
File "C:\Windows\system32\06F36.tmp" deleted successfully.
File "C:\Windows\system32\06354.tmp" deleted successfully.
File "C:\Windows\system32\065C4.tmp" deleted successfully.
File "C:\Windows\system32\06D71.tmp" deleted successfully.
File "C:\Windows\system32\06C68.tmp" deleted successfully.
File "C:\Windows\system32\0667F.tmp" deleted successfully.
File "C:\Windows\system32\033D6.tmp" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\system\controlset002\services\ qnqtic" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\system\currentcontrolset\servi ces\qnqtic" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\system\controlset002\enum\root \legacy_qnqtic" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\system\controlset002\enum\root \legacy_qnqtic" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\ root\legacy_qnqtic" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\ root\legacy_qnqtic" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

[Deifobe]

Originariamente inviato da Deifobe
vedi ora se riesci ad andare sui siti..

[miklilac]

Ok ora posso accedere regolarmente ai siti Microsoft

PS. Ti chiedo una cosa per mia curiosità...quell'utility che ho scaricato e lanciato alla fine di tutti i passaggi indicati serviva per abilitare quei servizi che lanciando Avenger erano stati disabilitati?

Grazie

[Deifobe]

no, serve per abilitare i servizi che il conficker ti ha disabilitato.
avenger non c'entra..




ciao