|
|||||||
|
|
|
 |
|
|
Strumenti |
05-08-2007, 22:09
|
#1 |
|
Member
Iscritto dal: Jun 2006
Messaggi: 43
|
Problemi con la rete
Un saluto a tutti!
ho un router modem adsl wi-fi USRobotics 9111 e non riesco a capire bene dal log se ho dei guai con la rete... qualcuno può darmi una mano? Ecco il log 08/05/2007 20:35:36 **TCP FIN Scan** 192.168.2.2, 2487->> 62.32.97.21, 80 (from ATM1 Outbound) 08/05/2007 20:31:21 **TCP FIN Scan** 192.168.2.2, 2015->> 151.1.244.2, 80 (from ATM1 Outbound) 08/05/2007 20:29:44 **TCP FIN Scan** 217.56.122.195, 80->> 192.168.2.2, 1515 (from ATM1 Inbound) 08/05/2007 20:29:10 **Smurf** 193.153.59.0, 4672->> 192.168.2.2, 35462 (from ATM1 Inbound) 08/05/2007 20:24:30 **TCP FIN Scan** 192.168.2.2, 4697->> 151.1.244.2, 80 (from ATM1 Outbound) 08/05/2007 20:21:17 192.168.2.2 login success 08/05/2007 20:10:00 **TCP FIN Scan** 89.186.95.82, 80->> 192.168.2.2, 2829 (from ATM1 Inbound) 08/05/2007 20:01:02 **TCP FIN Scan** 192.168.2.2, 1461->> 82.103.137.41, 80 (from ATM1 Outbound) 08/05/2007 20:01:02 **TCP FIN Scan** 192.168.2.2, 1499->> 64.15.155.212, 80 (from ATM1 Outbound) 08/05/2007 19:51:49 **TCP FIN Scan** 192.168.2.2, 4034->> 66.118.145.4, 80 (from ATM1 Outbound) 08/05/2007 19:51:49 **TCP FIN Scan** 192.168.2.2, 3920->> 82.103.137.41, 80 (from ATM1 Outbound) 08/05/2007 19:40:16 **TCP FIN Scan** 192.168.2.2, 2834->> 82.84.16.14, 43961 (from ATM1 Outbound) 08/05/2007 19:27:07 **TCP FIN Scan** 192.168.2.2, 1423->> 82.51.91.197, 4662 (from ATM1 Outbound) 08/05/2007 19:14:59 **TCP FIN Scan** 192.168.2.2, 5084->> 87.17.240.201, 1726 (from ATM1 Outbound) 08/05/2007 19:14:59 **TCP FIN Scan** 192.168.2.2, 5084->> 79.9.236.65, 1940 (from ATM1 Outbound) 08/05/2007 19:14:59 **TCP FIN Scan** 192.168.2.2, 3676->> 82.54.101.42, 41958 (from ATM1 Outbound) 08/05/2007 19:14:59 **TCP FIN Scan** 192.168.2.2, 3662->> 87.6.76.190, 13320 (from ATM1 Outbound) 08/05/2007 19:14:59 **TCP FIN Scan** 192.168.2.2, 3644->> 79.3.229.66, 55172 (from ATM1 Outbound) 08/05/2007 19:10:53 **TCP FIN Scan** 192.168.2.2, 3024->> 8.12.199.124, 80 (from ATM1 Outbound) 08/05/2007 19:10:53 **TCP FIN Scan** 192.168.2.2, 3046->> 4.23.54.124, 80 (from ATM1 Outbound) 08/05/2007 19:03:59 192.168.2.2 logout 08/05/2007 19:02:22 192.168.2.2 login success 08/05/2007 18:40:44 **TCP FIN Scan** 192.168.2.2, 1121->> 194.20.72.34, 80 (from ATM1 Outbound) 08/05/2007 18:40:44 **TCP FIN Scan** 192.168.2.2, 1085->> 194.20.72.33, 80 (from ATM1 Outbound) 08/05/2007 18:27:08 NTP Date/Time updated. 08/01/2003 00:00:21 I/F(ATM1) PPP connection ok ! 08/01/2003 00:00:20 ATM1 get IP:84.223.150.79 08/01/2003 00:00:15 ATM1 start PPP 08/01/2003 00:00:15 ADSL Media Up ! 192.168.2.2 - è l'IP del mio pc La cosa che mi ha insospettito e che mi sembra singolare è che mentre navigavo il forum di hwupgrade non riuscivo ad visualizzare le pagine. IE 7 dopo che ci "pensava" un po' diceva che era impossibile visualizzare la pagina e di controllare la connessione. Però mentre accadeva questo potevo benissimo navigare altre pagine web senza alcun problema Quando sono riuscivo finalmente a proseguire all'interno del forum, facendo un refresh del log del router mi sono apparse le righe che metto in grassetto! Non vorrei che la cosa fosse collegata al fatto che una settimana fa Avast (ver 4.7) mi ha segnalato (nel registro eventi alla voce "Attenzione") questo Trojan: Win32:Agent-ITQ (a seguito di un indirizzo web digitato male) e diceva di averlo bloccato. ho visitato questo sito http://www.suspectfile.com/forum/viewtopic.php?t=156 per rendermi conto della minaccia. ho effettuato una scansione con Avast in modalità provvisoria, verificato la presenza del servizio random, ecc. e non ho travoto nulla. Se può servire ecco il log fatto con hijack this: Logfile of HijackThis v1.99.1 Scan saved at 22.00.36, on 05/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Mixer.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\Programmi\MSN Messenger\usnsvc.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Utility\Hijack This 1.99\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O11 - Options group: [INTERNATIONAL] International* O11 - Options group: [TABS] Tabbed Browsing O17 - HKLM\System\CCS\Services\Tcpip\..\{EB8888AD-F0B2-4769-B637-E740785B6ADE}: NameServer = 213.205.32.70,213.205.36.70 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\programmi\a-squared free\a2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Detto questo (e scusatemi se mi sono dilungato troppo) ringrazio in anticipo chiunque possa rispondermi! Grazie |
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 09:50.
