Ajuda por favor ( insolito)
- Autor do tópico marros
- Data Início
não!
vírus!
corre o spybot (devidamente actualizado e com a ferramenta de imunização activada).
corre o hijackthis e posta a logfile.
vírus!
corre o spybot (devidamente actualizado e com a ferramenta de imunização activada).
corre o hijackthis e posta a logfile.
marros
Power Member
Raios desculpa nao estou a bater bem , em fez de salvar log em texto tirei uma foto heheheh!
Tou a ficar velho
Aqui:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:46:02, on 28-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Programas\Sygate\SPF\smc.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\Programas\Eset\nod32kui.exe
G:\WINDOWS\RTHDCPL.EXE
G:\Programas\Pinnacle Systems\Shared Files\Programs\USBTip\USBTip.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Programas\Ficheiros comuns\InterVideo\DeviceService\DevSvc.exe
G:\Programas\Eset\nod32krn.exe
G:\Programas\NVIDIA Corporation\nTune\nTuneService.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Programas\Ficheiros comuns\Ulead Systems\DVD\ULCDRSvr.exe
G:\Programas\Internet Explorer\IEXPLORE.EXE
C:\PROGRAMAS\sistema\EVEREST Ultimate Edition 2007 BETA 4.00.1016\everestultimate_build_1026_fl0zknsdy2x\everest.exe
G:\Programas\Mozilla Firefox\firefox.exe
G:\Documents and Settings\E.U\Ambiente de trabalho\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - G:\Programas\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - G:\Programas\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "G:\Programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "G:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "G:\Programas\Pinnacle Systems\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [UVS11 Preload] G:\Programas\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SmcService] G:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [NVIDIA nTune] "G:\Programas\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: g:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180199460703
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\system32\browseui.dll
O23 - Service: Capture Device Service - InterVideo Inc. - G:\Programas\Ficheiros comuns\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - Unknown owner - G:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - G:\Programas\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - G:\Programas\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - G:\Programas\SiSoftware\SiSoftware Sandra Engineer XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - G:\Programas\SiSoftware\SiSoftware Sandra Engineer XI.SP1a\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - G:\Programas\Sygate\SPF\smc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Programas\Ficheiros comuns\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6779 bytes
Tou a ficar velho
Aqui:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:46:02, on 28-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Programas\Sygate\SPF\smc.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\Programas\Eset\nod32kui.exe
G:\WINDOWS\RTHDCPL.EXE
G:\Programas\Pinnacle Systems\Shared Files\Programs\USBTip\USBTip.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Programas\Ficheiros comuns\InterVideo\DeviceService\DevSvc.exe
G:\Programas\Eset\nod32krn.exe
G:\Programas\NVIDIA Corporation\nTune\nTuneService.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Programas\Ficheiros comuns\Ulead Systems\DVD\ULCDRSvr.exe
G:\Programas\Internet Explorer\IEXPLORE.EXE
C:\PROGRAMAS\sistema\EVEREST Ultimate Edition 2007 BETA 4.00.1016\everestultimate_build_1026_fl0zknsdy2x\everest.exe
G:\Programas\Mozilla Firefox\firefox.exe
G:\Documents and Settings\E.U\Ambiente de trabalho\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - G:\Programas\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - G:\Programas\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "G:\Programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "G:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "G:\Programas\Pinnacle Systems\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [UVS11 Preload] G:\Programas\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SmcService] G:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [NVIDIA nTune] "G:\Programas\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: g:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180199460703
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\system32\browseui.dll
O23 - Service: Capture Device Service - InterVideo Inc. - G:\Programas\Ficheiros comuns\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - Unknown owner - G:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - G:\Programas\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - G:\Programas\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - G:\Programas\SiSoftware\SiSoftware Sandra Engineer XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - G:\Programas\SiSoftware\SiSoftware Sandra Engineer XI.SP1a\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - G:\Programas\Sygate\SPF\smc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Programas\Ficheiros comuns\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6779 bytes
helius
Power Member
não sei especificamente para que serve o winsock, mas o erro que dá é no dll, provávelmente está corrompido ou infectado. O outro problema que aparece é nos drivers de audio, julgo que também não tem nada a ver com os acentos...
como ele correu o spybot... pelo menos foi o que eu percebi
Nao deu nada
não deu nada, quer dizer o quê?
não detectou/apagou nenhum spyware?
claro que podes correr o lspfix (link directo).
entretanto vai ao painel de controle ver como estão as configurações do teu teclado...
não detectou/apagou nenhum spyware?
claro que podes correr o lspfix (link directo).
entretanto vai ao painel de controle ver como estão as configurações do teu teclado...
pereira_killer
Power Member
Ja vistes se não tens o teclado em Ingles ou outra lingua qualquer.
marros
Power Member
Nao tá em pt mesmo .
O qur eu tive foi a observar o arranque do sistema e ao mesmo tempo a teclar e os acentos aparecem até ao momento em que aparece o aviso da firewall e e aceitando ou nao a ligaçao deixa imediatamente de dar acentos:
File Version : 5.1.2600.2180
File Description : Generic Host Process for Win32 Services (svchost.exe)
File Path : G:\WINDOWS\system32\svchost.exe
Process ID : 0x48C (Heximal) 1164 (Decimal)
Connection origin : local initiated
Protocol : UDP
Local Address : 89.234.23.44
Local Port : 1034
Remote Name :
Remote Address : 239.255.255.250
Remote Port : 1900 (SSDP - Simple Service Discovery Protocol)
Ethernet packet details:
Ethernet II (Packet Length: 189)
Destination: 01-00-5e-7f-ff-fa
Source: 00-13-8f-fe-06-ad
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 1
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0x70fc (Correct)
Source: 89.234.23.44
Destination: 239.255.255.250
User Datagram Protocol
Source port: 1034
Destination port: 1900
Length: 8
Checksum: 0xb590 (Correct)
Data (141 Bytes)
Binary dump of the packet:
0000: 01 00 5E 7F FF FA 00 13 : 8F FE 06 AD 08 00 45 00 | ..^...........E.
0010: 00 A1 00 1D 00 00 01 11 : FC 70 59 98 73 2C EF FF | .........pY.s,..
0020: FF FA 04 0A 07 6C 00 8D : 90 B5 4D 2D 53 45 41 52 | .....l....M-SEAR
0030: 43 48 20 2A 20 48 54 54 : 50 2F 31 2E 31 0D 0A 48 | CH * HTTP/1.1..H
0040: 6F 73 74 3A 32 33 39 2E : 32 35 35 2E 32 35 35 2E | ost:239.255.255.
0050: 32 35 30 3A 31 39 30 30 : 0D 0A 53 54 3A 75 72 6E | 250:1900..ST:urn
0060: 3A 73 63 68 65 6D 61 73 : 2D 75 70 6E 70 2D 6F 72 | :schemas-upnp-or
0070: 67 3A 64 65 76 69 63 65 : 3A 49 6E 74 65 72 6E 65 | g:device:Interne
0080: 74 47 61 74 65 77 61 79 : 44 65 76 69 63 65 3A 31 | tGatewayDevice:1
0090: 0D 0A 4D 61 6E 3A 22 73 : 73 64 70 3A 64 69 73 63 | ..Man:"ssdp:disc
00A0: 6F 76 65 72 22 0D 0A 4D : 58 3A 33 0D 0A 0D 0A 00 | over"..MX:3.....
00B0: 00 00 00 05 00 56 00 03 : 00 01 00 01 00 | .....V.......
O qur eu tive foi a observar o arranque do sistema e ao mesmo tempo a teclar e os acentos aparecem até ao momento em que aparece o aviso da firewall e e aceitando ou nao a ligaçao deixa imediatamente de dar acentos:
File Version : 5.1.2600.2180
File Description : Generic Host Process for Win32 Services (svchost.exe)
File Path : G:\WINDOWS\system32\svchost.exe
Process ID : 0x48C (Heximal) 1164 (Decimal)
Connection origin : local initiated
Protocol : UDP
Local Address : 89.234.23.44
Local Port : 1034
Remote Name :
Remote Address : 239.255.255.250
Remote Port : 1900 (SSDP - Simple Service Discovery Protocol)
Ethernet packet details:
Ethernet II (Packet Length: 189)
Destination: 01-00-5e-7f-ff-fa
Source: 00-13-8f-fe-06-ad
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 1
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0x70fc (Correct)
Source: 89.234.23.44
Destination: 239.255.255.250
User Datagram Protocol
Source port: 1034
Destination port: 1900
Length: 8
Checksum: 0xb590 (Correct)
Data (141 Bytes)
Binary dump of the packet:
0000: 01 00 5E 7F FF FA 00 13 : 8F FE 06 AD 08 00 45 00 | ..^...........E.
0010: 00 A1 00 1D 00 00 01 11 : FC 70 59 98 73 2C EF FF | .........pY.s,..
0020: FF FA 04 0A 07 6C 00 8D : 90 B5 4D 2D 53 45 41 52 | .....l....M-SEAR
0030: 43 48 20 2A 20 48 54 54 : 50 2F 31 2E 31 0D 0A 48 | CH * HTTP/1.1..H
0040: 6F 73 74 3A 32 33 39 2E : 32 35 35 2E 32 35 35 2E | ost:239.255.255.
0050: 32 35 30 3A 31 39 30 30 : 0D 0A 53 54 3A 75 72 6E | 250:1900..ST:urn
0060: 3A 73 63 68 65 6D 61 73 : 2D 75 70 6E 70 2D 6F 72 | :schemas-upnp-or
0070: 67 3A 64 65 76 69 63 65 : 3A 49 6E 74 65 72 6E 65 | g:device:Interne
0080: 74 47 61 74 65 77 61 79 : 44 65 76 69 63 65 3A 31 | tGatewayDevice:1
0090: 0D 0A 4D 61 6E 3A 22 73 : 73 64 70 3A 64 69 73 63 | ..Man:"ssdp:disc
00A0: 6F 76 65 72 22 0D 0A 4D : 58 3A 33 0D 0A 0D 0A 00 | over"..MX:3.....
00B0: 00 00 00 05 00 56 00 03 : 00 01 00 01 00 | .....V.......