[Arquivado] Problemas com a Janela do internet explorer "CiD&

cicerod2 · Novembro 16, 2009

galera me ajudem por favor, toda vez que eu inicio o internet explorer abre uma janela tipo pop up com prppragandas, no titulo da janela vem assim "CiD....." ja li em outros post que isso é um maleware e gostaria que você me ajudassem a exterminar essa praga do meu pc.

vai ai o log do HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:28:57, on 16/11/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Drivers\trcboot.exe

C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\C4ebreg\c4ebreg.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\notes\ntmulti.exe

C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Drivers\ldlcserv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\IBM\Personal Communications\tpam.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.2.25\pmonmh.exe

C:\Program Files\C4ebreg\isamtray.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAP\DAP.EXE

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\New Folder\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup

O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [MyHelpService] C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe

O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.2.25/pmonmh.exe

O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q

O4 - HKLM\..\Run: [iSAMTray] "C:\Program Files\C4ebreg\isamtray.exe"

O4 - HKLM\..\Run: [w32msgr] C:\SDWORK\W32MAIN2.exe /log C:\SDWORK\MSGR.TXT OSPDB.POK.IBM.COM

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe

O4 - HKLM\..\Run: [fast city ping help] C:\Documents and Settings\All Users\Application Data\long extra fast city\inside media.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - Global Startup: Lotus QuickStart.lnk = ?

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O11 - Options group: [JAVA_IBM] Java (IBM)

O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com

O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189037145890

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194968075000

O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = liceu-fabes.spba

O17 - HKLM\Software\..\Telephony: DomainName = liceu-fabes.spba

O17 - HKLM\System\CCS\Services\Tcpip\..\{A152453C-986E-4F8B-B789-D8E955F06321}: NameServer = 192.168.0.3,192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = liceu-fabes.spba

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IBM.COM

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = liceu-fabes.spba

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = IBM.COM

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IBM.COM

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)

O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe

O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe

O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe

O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe

O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-max.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SAVRoam (SavRoam) - Unknown owner - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe (file missing)

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe

--

End of file - 12217 bytes

aguardo respostas

Power Max · Novembro 16, 2009

:thumbsup: Olá Cicero! Seja bem-vindo ao Fórum Imasters.

Siga estes procedimentos abaixo nesta seqüência em que eles estão:

:seta: Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

Faça o download de ToolBar S&D

*Salve-o no desktop (área de trabalho).

*Reinicie o PC em Modo de Segurança (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver reiniciando e escolhendo a opção Modo Seguro ou Modo de Segurança).

*Execute o programa, e à seguir, aperte o "p" --> Enter --> Ok.

*Digite o dois! ( 2 ) --> Aperte Enter --> Aguarde!

*Terminando, o relatório estará em C:\ToolBar SD\TB_1.txt

__________________________________

:seta: Vá no menu: Iniciar > Painel de Controle > Adicionar ou remover programas > Procure por este programa destacado abaixo e o desinstale:

pdfforge Toolbar

__________________________________

:seta: Baixe o programa Avenger no link abaixo e extraia o conteúdo para o desktop (área de trabalho):

http://swandog46.geekstogo.com/avenger2/download.php

*Selecione e copie (Ctrl+C) todo o texto dentro do Quote (caixa branca) abaixo:

Folders to delete:
C:\Program Files\pdfforge Toolbar

*Execute o programa Avenger

*Clique em [Load Script] > [Paste from Clipboard]

*Clique em [Execute] > [OK]

*O PC será reiniciado

*O relatório será criado em C:\avenger.txt

_____________________________________

:seta: Abra o HijackThis, clique em Do a system scan only, marque as entradas abaixo e clique em Fix checked: