[Resolvido!]erro socket 11004

lumis · Fevereiro 10, 2008

alguem que me ajude por favor....

Aparece-me este erro sistematicamente ( socket # 11004)..ninguem me conseguiu ajudar até me falarem neste forum....

Como ja estive a estudar aqui outros casos semelhantes deixo aqui o meu log e peço ajuda aos mestres....

Logfile of HijackThis v1.99.1

Scan saved at 15:21:40, on 10-02-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Programas\Alwil Software\Avast4\ashServ.exe

C:\Programas\Apoint2K\Apoint.exe

C:\Programas\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programas\TOSHIBA\E-KEY\CeEKey.exe

C:\Programas\TOSHIBA\TouchPad\TPTray.exe

C:\Programas\TOSHIBA\Accessibility\FnKeyHook.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Programas\TOSHIBA\Controlos TOSHIBA\TFncKy.exe

C:\Programas\TOSHIBA\Tvs\TvsTray.exe

C:\Programas\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\task.com

C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Programas\Apoint2K\Apntex.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SupportAppPT\ztemon.exe

C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Programas\Alwil Software\Avast4\ashWebSv.exe

C:\Programas\MODEM MF620\Modem.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Toshiba\DEFINI~1\Temp\Rar$EX00.750\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar3.dll

O4 - HKLM\..\Run: [Apoint] C:\Programas\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PadTouch] C:\Programas\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Programas\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPNF] C:\Programas\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Programas\TOSHIBA\Accessibility\FnKeyHook.exe

O4 - HKLM\..\Run: [HWSetup] C:\Programas\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Programas\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [Tvs] C:\Programas\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [upgConfVer] "C:\Programas\Panda Software\Panda Platinum 2006 Internet Security\UpgConf.exe" /v:10.02.01

O4 - HKLM\..\Run: [PPFW] c:\programas\panda software\panda platinum 2006 internet security\firewall\PPFW.EXE PPFW.EXE /cmd:allowpandarules /prod:platinum /mod:3 /flg:2 /ver:10.2.1

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Mobile Phonetools] C:\Documents and Settings\Toshiba\Ambiente de trabalho\mphonetools.exe

O4 - HKLM\..\Run: [task] C:\WINDOWS\system32\task.com

O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\explora.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programas\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: CD do software adicional.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O15 - Trusted Zone: http://secure.gestrip.com (HKLM)

O15 - Trusted Zone: http://update.randhi.com (HKLM)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

O16 - DPF: {33331111-1111-1111-1111-611111193423} -

O16 - DPF: {33331111-1111-1111-1111-611111193429} -

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {33331111-1131-1111-1111-611111193428} -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{215ACA7A-BF22-41D5-B114-948F353DBD40}: NameServer = 212.55.154.174 10.11.12.14

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

Muito obrigado

Lumis

DigRam · Fevereiro 11, 2008

Bom Dia lumis!

>@< Faça o download do BankerFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e o navegador,ao rodar o BankerFix.

>@< Desabilite,se possível,as proteções residente de AntiVírus e AntiSpywares.

>@< Dê um duplo clique no Bankerfix.exe,depois Enter.

>@< Aguarde!Ao terminar,leia a mensagem na tela ( Dos ),e dê Enter,novamente.

___________________________

>@< Poste o relatorio.txt do BankerFix,que está em C:\LinhaDefensiva\relatorio.txt

>@< Poste,também,um nôvo Log do HijackThis,na sua resposta.

Abraços!

lumis · Fevereiro 11, 2008

Grande ajuda......

Conforme instruçoes aqui estão os dois relatórios.....Agradecia feedback dos relatórios...

Muito agradecido e cumprimentos deste lado do atlântico.....

Lumis

BankerFix 2.5b - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 11-02-2008 - 18:55

-------------------------------------------------------

Lista de Definição: 2008-02-10-1

=======================================================

Killando arquivos em Help

-----------------------------------

Killing '*'

Removendo Arquivos em Help

-----------------------------------

----- Fim -------------------------

Logfile of HijackThis v1.99.1

Scan saved at 19:04:43, on 11-02-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Programas\Alwil Software\Avast4\ashServ.exe

C:\Programas\Apoint2K\Apoint.exe

C:\Programas\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programas\TOSHIBA\E-KEY\CeEKey.exe

C:\Programas\TOSHIBA\TouchPad\TPTray.exe

C:\Programas\TOSHIBA\Accessibility\FnKeyHook.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Programas\TOSHIBA\Controlos TOSHIBA\TFncKy.exe

C:\Programas\TOSHIBA\Tvs\TvsTray.exe

C:\Programas\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programas\Apoint2K\Apntex.exe

C:\Programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RAMASST.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SupportAppPT\ztemon.exe

C:\Programas\MODEM MF620\Modem.exe

C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Programas\Alwil Software\Avast4\ashWebSv.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis.exe