[Resolvido] Socket error 11004

stratocaster · Janeiro 30, 2006

Por favor, também gostaria de ajuda na resolução desse problema....

Logfile of HijackThis v1.99.1

Scan saved at 13:43:12, on 30/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\PV92Tray.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\SVCH0ST.EXE

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\MSMSGS.EXE

C:\WINDOWS\vsnpt513.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\XP_2200\Meus documentos\Meus arquivos recebidos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: (no name) - {D26E393C-F370-FAB0-6D3E-15EA24213778} - C:\DOCUME~1\XP_2200\DADOSD~1\PROGRA~1\drvamok.exe (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [idle peak dash cast] C:\Documents and Settings\All Users\Dados de aplicativos\Owns Cool Idle Peak\pop sect.exe

O4 - HKLM\..\Run: [sVCH0ST.EXE] C:\WINDOWS\SVCH0ST.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [GplLite] C:\DOCUME~1\XP_2200\DADOSD~1\THIRDD~1\manager você logo.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\ARQUIV~1\Yahoo!\MESSEN~1\ypager.exe -quiet

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [discador] C:\Arquivos de programas\TurboADSL\TurboADSL 0.98\DISCADOR.EXE

O4 - Global Startup: VSNPT513.lnk = C:\WINDOWS\vsnpt513.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARQUIV~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARQUIV~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://secure.gestrip.com (HKLM)

O15 - Trusted Zone: http://update.randhi.com (HKLM)

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {33331111-1111-1111-1111-611111193423} - http://www.www2.p0rt2.com/files/777.cab

O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {33331111-1131-1111-1111-611111193428} -

O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl29bd.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135055336112

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{162FC1E2-F200-4C9D-A0C2-1262F9D9A1B2}: Domain = @

O17 - HKLM\System\CCS\Services\Tcpip\..\{838D5DE8-199A-4CC4-B895-57E02E96BC5A}: NameServer = 201.10.128.3 201.10.128.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{162FC1E2-F200-4C9D-A0C2-1262F9D9A1B2}: Domain = @

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe

jgarcia · Janeiro 30, 2006

Caro stratocaster,

Vamos lá.

Habilite o Windows para mostrar todos os arquivos (até ocultos).

C:\Documents and Settings\XP_2200\Meus documentos\Meus arquivos recebidos\HijackThis.exe <-- Não.

Atenção --> Coloque o HijackThis em uma pasta prórpia, por exemplo: C:\HTJ\HijackThis.exe.

1ª Etapa

Baixe o Killbox em:

Killbox

Baixe, mas não execute ainda.

Baixe o Deldomains em:

Deldomains

Baixe e salve o Deldomains.inf em seu desktop, mas não execute ainda.

Baixe o SpySweeper em:

SpySweeper

Baixe e atualize, mas não execute ainda.

2ª Etapa

1) Execute o Killbox, clique em Delete on Reboot.

2) Copie a lista abaixo em negrito para a área de transferência. Selecione --> Editar --> Copiar.

C:\DOCUME~1\XP_2200\DADOSD~1\PROGRA~1\drvamok.exe
C:\Documents and Settings\All Users\Dados de aplicativos\Owns Cool Idle Peak

C:\WINDOWS\SVCH0ST.EXE

C:\DOCUME~1\XP_2200\DADOSD~1\THIRDD~1

C:\WINDOWS\vsnpt513.exe

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

4. Aperte em "X". Responda "não" à pergunta.

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível.

3ª Etapa

Reinicie o computador em Modo Seguro (após reiniciar aperte a tecla F8 até aparecer uma tela preta em DOS e escolha Modo Seguro).

Execute o HijackThis, clique em Do a system scan only e marque:

F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {D26E393C-F370-FAB0-6D3E-15EA24213778} - C:\DOCUME~1\XP_2200\DADOSD~1\PROGRA~1\drvamok.exe (file missing)

O4 - HKLM\..\Run: [idle peak dash cast] C:\Documents and Settings\All Users\Dados de aplicativos\Owns Cool Idle Peak\pop sect.exe

O4 - HKLM\..\Run: [sVCH0ST.EXE] C:\WINDOWS\SVCH0ST.EXE

O4 - HKCU\..\Run: [GplLite] C:\DOCUME~1\XP_2200\DADOSD~1\THIRDD~1\manager você logo.exe

O4 - Global Startup: VSNPT513.lnk = C:\WINDOWS\vsnpt513.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {33331111-1111-1111-1111-611111193423} - http://www.www2.p0rt2.com/files/777.cab

O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {33331111-1131-1111-1111-611111193428} -

O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl29bd.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{162FC1E2-F200-4C9D-A0C2-1262F9D9A1B2}: Domain = @

O17 - HKLM\System\CS1\Services\Tcpip\..\{162FC1E2-F200-4C9D-A0C2-1262F9D9A1B2}: Domain = @

Clique em Fix Checked.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

Você utiliza um Proxy para conectar-se à internet? Caso nõ utilize ou não saiba o que é um Proxy, dê Fix Checked na entrada acima também.

4ª Etapa

Ainda em Modo Seguro faça o seguinte:

1) Execute o Deldomains:

Dê um clique-direito no arquivo deldomains.inf e então clique em Instalar. Executar o arquivo diretamente não funciona.

2) Execute uma verificação completa com o SpySweeper.

5ª Etapa

Reinicie em modo normal.

Submeta os arquivos abaixo ao site Virus Total.

C:\pav.reg
C:\WINDOWS\system32\pavdr.exe

C:\WINDOWS\system32\userinit.exe

Retorne com os resultados e um novo log do HijackThis.

Aguardo retorno.

Um abraço.

stratocaster · Janeiro 31, 2006

Aqui vão os resultados:

This is a report processed by VirusTotal on 01/31/2006 at 03:19:37 (CET) after scanning the file "pav.reg" file.

Antivirus Version Update Result

AntiVir 6.33.0.81 01.30.2006 no virus found

Avast 4.6.695.0 01.30.2006 no virus found

AVG 718 01.30.2006 no virus found

Avira 6.33.0.81 01.30.2006 no virus found

BitDefender 7.2 01.31.2006 no virus found

CAT-QuickHeal 8.00 01.27.2006 no virus found

ClamAV devel-20051123 01.30.2006 no virus found

DrWeb 4.33 01.30.2006 no virus found

eTrust-InoculateIT 23.71.64 01.31.2006 no virus found

eTrust-Vet 12.4.2060 01.30.2006 no virus found

Ewido 3.5 01.30.2006 no virus found

Fortinet 2.54.0.0 01.31.2006 no virus found

F-Prot 3.16c 01.30.2006 no virus found

Ikarus 0.2.59.0 01.30.2006 no virus found

Kaspersky 4.0.2.24 01.31.2006 no virus found

McAfee 4685 01.30.2006 no virus found

NOD32v2 1.1388 01.30.2006 no virus found

Norman 5.70.10 01.30.2006 no virus found

Panda 9.0.0.4 01.31.2006 no virus found

Sophos 4.02.0 01.30.2006 no virus found

Symantec 8.0 01.31.2006 no virus found

TheHacker 5.9.3.084 01.31.2006 no virus found

UNA 1.83 01.27.2006 no virus found

VBA32 3.10.5 01.30.2006 no virus found

This is a report processed by VirusTotal on 01/31/2006 at 03:24:34 (CET) after scanning the file "userinit.exe" file.

Antivirus Version Update Result

AntiVir 6.33.0.81 01.30.2006 no virus found

Avast 4.6.695.0 01.30.2006 no virus found

AVG 718 01.30.2006 no virus found

Avira 6.33.0.81 01.30.2006 no virus found

BitDefender 7.2 01.31.2006 no virus found

CAT-QuickHeal 8.00 01.27.2006 no virus found

ClamAV devel-20051123 01.30.2006 no virus found

DrWeb 4.33 01.30.2006 no virus found

eTrust-InoculateIT 23.71.64 01.31.2006 no virus found

eTrust-Vet 12.4.2060 01.30.2006 no virus found

Ewido 3.5 01.30.2006 no virus found

Fortinet 2.54.0.0 01.31.2006 no virus found

F-Prot 3.16c 01.30.2006 no virus found

Ikarus 0.2.59.0 01.30.2006 no virus found

Kaspersky 4.0.2.24 01.31.2006 no virus found

McAfee 4685 01.30.2006 no virus found

NOD32v2 1.1388 01.30.2006 no virus found

Norman 5.70.10 01.30.2006 no virus found

Panda 9.0.0.4 01.31.2006 no virus found

Sophos 4.02.0 01.30.2006 no virus found

Symantec 8.0 01.31.2006 no virus found

TheHacker 5.9.3.084 01.31.2006 no virus found

UNA 1.83 01.27.2006 no virus found

VBA32 3.10.5 01.30.2006 no virus found

This is a report processed by VirusTotal on 01/31/2006 at 03:29:11 (CET) after scanning the file "pavdr.exe" file.

Antivirus Version Update Result

AntiVir 6.33.0.81 01.30.2006 no virus found

Avast 4.6.695.0 01.30.2006 no virus found

AVG 718 01.30.2006 no virus found

Avira 6.33.0.81 01.30.2006 no virus found

BitDefender 7.2 01.31.2006 no virus found

CAT-QuickHeal 8.00 01.27.2006 no virus found

ClamAV devel-20051123 01.30.2006 no virus found

DrWeb 4.33 01.30.2006 no virus found

eTrust-InoculateIT 23.71.64 01.31.2006 no virus found

eTrust-Vet 12.4.2060 01.30.2006 no virus found

Ewido 3.5 01.30.2006 no virus found

Fortinet 2.54.0.0 01.31.2006 no virus found

F-Prot 3.16c 01.30.2006 no virus found

Ikarus 0.2.59.0 01.30.2006 no virus found

Kaspersky 4.0.2.24 01.31.2006 no virus found

McAfee 4685 01.30.2006 no virus found

NOD32v2 1.1388 01.30.2006 no virus found

Norman 5.70.10 01.30.2006 no virus found

Panda 9.0.0.4 01.31.2006 no virus found

Sophos 4.02.0 01.30.2006 no virus found

Symantec 8.0 01.31.2006 no virus found

TheHacker 5.9.3.084 01.31.2006 no virus found

UNA 1.83 01.27.2006 no virus found

VBA32 3.10.5 01.30.2006 no virus found

Logfile of HijackThis v1.99.1

Scan saved at 22:28:59, on 30/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\PV92Tray.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\MSMSGS.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

C:\ARQUIV~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\HTJ\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray