[Resolvido!]Socket error 11004 em notebook

Jiunsi · Agosto 15, 2006

ola, tenho um notebook Acer Aspire 3000 e está apresentando o erro 11004 alem de não deixar correr o AVG free!! Sou novato em isto e não faço idea de como resolver o problema. Obrigado pela ajuda! :(

jgarcia · Agosto 15, 2006

Opa Jiunsi,

Faça o seguinte:

Baixe o HijackThis versão 1.99.1.

Depois > Iniciar > Meu Computador > 02 cliques no C > Coloca o HijackThis no C (extraindo do zip --> para uma pasta própria tipo c:/Hijack).

Execute o Hijack a partir do C, fechando os demais programas (deixando somente a área de trabalho).

Clique em Do a system scan and save a logfile, mas não marque nada, apenas poste o log gerado aqui neste mesmo tópico.

Abraços.

Jiunsi · Agosto 16, 2006

Ai vá:

Logfile of HijackThis v1.99.1

Scan saved at 9:12:17 PM, on 8/15/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\keyhook.exe

C:\Program Files\Arcade\PCMService.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Acer\eManager\anbmServ.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.latam.msn.com/0SEESXL/SAOS01?FORM=TOOLBR

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

valeu jgarcia

jgarcia · Agosto 19, 2006

Opa Jiunsi,

Execute o Active Scan da Panda e retorne com o resultado.

Abraços.

Jiunsi · Agosto 20, 2006

Já fiz o scan com pandasoftware e o resultado foi o seguinte:Incident Status Location Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Home\Cookies\home@atdmt[2].txt Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Home\Cookies\home@112.2o7[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Home\Cookies\home@de.uol.com[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Home\Cookies\home@uol.com[2].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Home\Cookies\home@statcounter[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Home\Cookies\home@serving-sys[2].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Home\Cookies\home@doubleclick[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Home\Cookies\home@terra.com[1].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Home\Cookies\home@realmedia[1].txt Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Home\Cookies\home@searchportal.information[1].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Home\Cookies\home@ad.yieldmanager[2].txt acho que tenho varios bichos no meu computador, por favor me ajuda Não esqueça que ainda não posso usar o avg free nem desativa-lo pelo control panel!!!Obrigado!!! :wacko:

jgarcia · Agosto 20, 2006

Opa Jiunsi,

Baixe o Silent Runners.

Extraia o arquivo Sillent Runners.vbs para o C. Dê duplo clique sobre o arquivo para executá-lo.

Após executá-lo aguarde até que seja gerado um documento denominado Startup Programs (USUÁRIO) 00/00/00. Copie o conteúdo deste documento e cole aqui.

Abraços.

Obs.: Caso o seu AV detecte o arquivo como sendo um script malicioso não se preocupe e autorize a execução.

Jiunsi · Agosto 20, 2006

Ok! pronto o conteúdo do script é o seguinte:

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"LaunchApp" = "Alaunch" ["Acer Inc."]

"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]

"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]

"SiSPower" = "Rundll32.exe SiSPower.dll,ModeAgent" [MS]

"SiS Windows KeyHook" = "C:\WINDOWS\system32\keyhook.exe" ["Silicon Integrated Systems Corporation"]

"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]

"MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]

"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]

"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]

"PCMService" = ""C:\Program Files\Arcade\PCMService.exe"" ["CyberLink Corp."]

"LManager" = "C:\Program Files\Launch Manager\QtZgAcer.EXE" ["Dritek System Inc."]

"eRecoveryService" = "C:\Acer\Empowering Technology\eRecovery\Monitor.exe" ["acer Inc."]

"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

"RegistryMechanic" = "C:\Program Files\Registry Mechanic\RegMech.exe /QS" ["PC Tools Research Pty Ltd"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

-> {HKLM...CLSID} = "Display Panning CPL Extension"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

Aguardo a sua ajuda!! Valeu

jgarcia · Agosto 21, 2006

Opa Jiunsi,

O log do Silent Runners parece estar incompleto. Execute-o mais uma vez e aguarde até o término da varredura para geração do novo log (pode demorar um pouco).

Abraços.

Jiunsi · Agosto 22, 2006

Opa Jiunsi,

O log do Silent Runners parece estar incompleto. Execute-o mais uma vez e aguarde até o término da varredura para geração do novo log (pode demorar um pouco).

Abraços.

Epa jgarcia você tem razão!!! o log completo é o seguinte: :cry: