[hannyp]

Por favor ajudem !!!!!

O meu computador não me permite ir para acrescentar ou eliminar programas, ele diz que o acesso denier como eu não tenho autoridade e entrar em contato com o administrador de sistema, este é o meu PC (computador portátil) e só eu e meu marido têm contas criadas sobre o computador, Tentei sob sua conta e diz que será o mesmo. Como eu posso obter este ordenadas?

Continuamos recebendo esta mensagem aparecer um alerta de segurança do Windows, Aviso Potencial spyware operação. Como posso parar esta aparecendo?

Obrigado
Hannah

[philthomas]

Você pode ser melhor para postar isso no Vírus, spyware e Segurança fórum

[hannyp]

Threads fundidos.

[evilfantasy]

Transferido para o vírus, spyware e Segurança fórum.

Vejamos um log do HijackThis por favor.

Baixar HijackThis para o seu desktop.
Dê um duplo clique no arquivo que você acabou de baixar.
Clique no botão "Instalar"Botão para instalar.
Será instalado por padrão para o diretório -- C: \ Program Files \ Trend Micro \ HijackThis
Por favor, não altere o padrão instalar localização.
Após a instalação, HijackThis deve abrir para você.

Em seguida clique no botão "Faça um sistema de digitalizar e salvar um arquivo de log " botão.
HijackThis fará a varredura e, em seguida, será aberto um log no Bloco de Notas.
No canto superior esquerdo da janela do Bloco de notas clique em "Arquivo" > "Salvar Como" nomeá-la HijackThis e, em seguida, guarde-o para a Desktop.
Salve o log como um texto (. txt) Ou de arquivo. Log
Fazer NÃO anexar MS-Word . DOC arquivos, eles não serão olhou!
Em seu post, adicionar o log como uma Penhora.
* Não tem nada ainda fixar HijackThis. A maior parte do que ele encontra serão inofensivos ou até mesmo necessária.
** Não use a analisar este botão. É achados são perigosas se mal interpretada.

Guia de registros associados a um posto

[hannyp]

Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 7:42:43, em 11/25/2007
Plataforma: Windows XP SP2 (WinNT 5/01/2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ WINDOWS \ system32 \ bgsvcgen.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ Program Files \ Norton AntiVirus \ navapsvc.exe
C: \ Program Files \ Norton AntiVirus \ iwp \ NPFMntor.exe
C: \ Arquivos de Programas \ Samsung \ Samsung Network Manager \ SNMWLANService.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ printer.exe
C: \ Program Files \ Java \ jre1.5.0 \ bin \ jusched.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Arquivos de Programas \ Samsung \ Samsung EDS \ EDSAgent.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ Arquivos de Programas \ Samsung \ AVStation Premium 3,75 \ AVSAgent.exe
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ Arquivos de Programas \ Samsung \ Samsung Battery Manager \ BatteryManager.exe
C: \ Arquivos de Programas \ SAMSUNG \ MagicKBD \ MagicKBD.exe
C: \ Arquivos de Programas \ Samsung \ DisplayManager \ DisplayManager.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ WINDOWS \ SM1BG.EXE
C: \ Arquivos de Programas \ Samsung \ DisplayManager \ dmhkcore.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Program Files \ Common Files \ PCPrivacyTool \ mc.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
C: \ Program Files \ FinePixViewer \ QuickDCF2.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ Microsoft Office \ Office \ Osa.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqSTE08.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Arquivos de Programas \ Samsung \ Samsung Update Plus \ SLUTrayNotifier.exe
C: \ Program Files \ Common Files \ AVSystemCare \ bm.exe
C: \ WINDOWS \ system32 \ HPZipm12.exe
C: \ Arquivos de Programas \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Easy SpyRemover \ EasySpyRemover.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
F2 - REG: system.ini: Shell = Explorer.exe C: \ WINDOWS \ system32 \ printer.exe
O3 - Toolbar: Norton AntiVirus - (42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6) - C: \ Program Files \ Norton AntiVirus \ NavShExt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ arquivos de programas \ google \ googletoolbar2.dll
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] C: \ Program Files \ Java \ jre1.5.0 \ bin \ jusched.exe
O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [SDE] C: \ Arquivos de Programas \ Samsung \ Samsung EDS \ EDSAgent.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [AVStation Premium 3,75] C: \ Arquivos de Programas \ Samsung \ AVStation Premium 3,75 \ AVSAgent.exe
O4 - HKLM \ .. \ Run: [MagicKeyboard] C: \ Arquivos de Programas \ SAMSUNG \ MagicKBD \ PreMKBD.exe
O4 - HKLM \ .. \ Run: [RestoreIT!] "C: \ Program Files \ Phoenix Technologies Ltd \ RecoverPro_XP \ VBPTASK.EXE" VBStart
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [BatteryManager] C: \ Arquivos de Programas \ Samsung \ Samsung Battery Manager \ BatteryManager.exe
O4 - HKLM \ .. \ Run: [DMHotKey] C: \ Arquivos de Programas \ Samsung \ DisplayManager \ DMLoader.exe
O4 - HKLM \ .. \ Run: [DisplayManager] C: \ Arquivos de Programas \ Samsung \ DisplayManager \ DisplayManager.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [SM1BG] C: \ WINDOWS \ SM1BG.EXE
O4 - HKLM \ .. \ Run: [adiras] adiras.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ WINDOWS \ system32 \ \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Symantec NetDriver Monitor] C: \ PROGRA ~ 1 \ SYMNET ~ 1 \ SNDMon.exe / Consumer
O4 - HKLM \ .. \ Run: [REGSHAVE] C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / AUTORUN
O4 - HKLM \ .. \ Run: [WinAVX] C: \ WINDOWS \ system32 \ WinAvXX.exe
O4 - HKLM \ .. \ Run: [Salestart] "C: \ Program Files \ Common Files \ AVSystemCare \ bm.exe" dm = http://avsystemcare.com; ad = http://avsystemcare.com
O4 - HKLM \ .. \ Run: [Salestart (1)] "C: \ Program Files \ Common Files \ PCPrivacyTool \ mc.exe" dm = http://pcprivacytool.com; ad = http://pcprivacytool.com
O4 - HKLM \ .. \ Run: [rtasks] C: \ Program Files \ AVSystemCare \ rtasks.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [swg] C: \ Arquivos de Programas \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [WinAVX] C: \ WINDOWS \ system32 \ WinAvXX.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C: \ Arquivos de Programas \ Microsoft Office \ Office \ FindFast.EXE
O4 - Startup: Instituto Startup.lnk = C: \ Arquivos de Programas \ Microsoft Office \ Office \ Osa.exe
O4 - Startup: system.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Arquivos de Programas \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: Autorun.exe
O4 - Global Startup: DSLMON.lnk = C: \ Program Files \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
O4 - Global Startup: Exif Launcher 2.lnk =?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O7 - HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Pol icies \ System, DisableRegedit = 1
O8 - Extra context menu item: & D & ownload & com BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddLink.htm
O8 - Extra context menu item: & D & ownload all vídeo com BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddVideo.htm
O8 - Extra context menu item: & D & ownload all with BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddAllLink.htm
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL = http://www.tiscali.co.uk/broadband
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (6309F0DB-E1B6-4D47-83F0-111ED3BCCD32): NameServer = 212.139.132.24 212.139.132.25
O20 - AppInit_DLLs: sulimo.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - BHA Corporation - C: \ WINDOWS \ system32 \ bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ iwp \ NPFMntor.exe
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C: \ Arquivos de Programas \ Samsung \ Samsung Update Plus \ SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C: \ PROGRA ~ 1 \ common ~ 1 \ SYMANT ~ 1 \ SCRIPT ~ 1 \ SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C: \ Arquivos de Programas \ Samsung \ Samsung Network Manager \ SNMWLANService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
--
Fim do processo - 9608 bytes

Hope this helps?

[evilfantasy]

Você tem alguma dúvida muito desagradável infecções.

1. Baixar Malwarebytes' RogueRemover Livre
2. Dê um clique duplo no ícone para instalar RogueRemover e, em seguida, iniciar o programa.
3. Imprensa Check for Updates.
4. Isso vai mostrar se existe uma versão mais recente do banco de dados. Imprensa Download.
5. Volte para a tela principal e pressione Scan.
6. Se e quando for encontrada uma infecção, remover todos os objetos encontrados.

=====

Download, instalação e atualização SUPERAntiSpyware (SAS) Não execute este ainda.

SUPERAntiSpyware Free Edition

=====
Você pode querer imprimir ou copiar e colar o resto das instruções e guarde-as em um documento de texto para o seu desktop. Você não será capaz de vê-los de modo de segurança.

Reinicie no Modo de Segurança

* Reinicie o computador.
* Quando você vê a preto-e-branco Iniciando o Windows barra na parte inferior da tela, começam a tocar F8 chave.
* Quando chegar ao menu de arranque, utilize as setas para selecionar O modo de segurança
* Em seguida, pressione Digite.
* O computador é reiniciado em Modo de Segurança.

=====

Abrir HijackThis e selecione "Fazer um sistema de verificação só"

Coloque uma marca de verificação ao lado de: (se encontrado)

F2 - REG: system.ini: Shell = Explorer.exe C: \ WINDOWS \ system32 \ printer.exe
O4 - HKLM \ .. \ Run: [WinAVX] C: \ WINDOWS \ system32 \ WinAvXX.exe
O4 - HKLM \ .. \ Run: [Salestart] "C: \ Program Files \ Common Files \ AVSystemCare \ bm.exe" dm = http://avsystemcare.com; ad = http://avsystemcare.com
O4 - HKLM \ .. \ Run: [Salestart (1)] "C: \ Program Files \ Common Files \ PCPrivacyTool \ mc.exe" dm = http://pcprivacytool.com; ad = http://pcprivacytool.com
O4 - HKLM \ .. \ Run: [rtasks] C: \ Program Files \ AVSystemCare \ rtasks.exe
O4 - HKCU \ .. \ Run: [WinAVX] C: \ WINDOWS \ system32 \ WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: Autorun.exe
O7 - HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Pol icies \ System, DisableRegedit = 1

Agora clique em "Fix checked"

Sair HijackThis

=====

Agora, configurar e executar SUPERAntiSpyware no Modo de Segurança.

* Sob Configuração e Preferências, Clique no Preferências botão.
* Clique no Scanando Controle separador.
* Sob Scanner Opções certifique-se as seguintes estão marcadas:
+ Feche navegadores antes da digitalização
+ Varredura para seguir bolinhos
+ Terminate memória ameaças antes quarantining.
+ Por favor, deixe os outros desmarcada.
+ Clique na Fechar botão para deixar o centro de controlo tela.
* Na tela principal, ao abrigo Digitalizar para software nocivo clique Scan seu computador.
* À esquerda check C: \ Fixo Drive.
* Do lado direito, sob Complete Scan, Escolha Realize varredura completa.
* Clique em Próximo para iniciar a digitalização. Por favor, seja paciente enquanto ele verifica o seu computador.
* Após a verificação completa é um resumo caixa irá aparecer. Clique OK.
* Certifique-se de tudo na caixa branca tem uma verificação junto a ele e, em seguida, clique em Próximo.
* Será que ela encontrou quarentena e se pergunta se você deseja reiniciar, clique em Sim.
* Para obter a remoção informação faça o seguinte:
+ Depois de reiniciar, dê um duplo clique no ícone SUPERAntiSpyware em seu desktop.
+ Clique Preferências. Clique no Estatísticas / Logs separador.
+ Sob Scanner Logs, clique duas vezes SUPERAntiSpyware Scan Log.
+ Será aberta no seu editor texto padrão (como o Bloco de Notas / Wordpad).
+ Salve o arquivo para seu desktop notepad clicando (no bloco) "Arquivo""Salvar Como"
* Salve o log em algum lugar que você pode facilmente encontrá-lo. (normalmente o desktop)
* Clique em fechar e fechar novamente para sair do programa.
* Por favor, adicionar o logon como um apego juntamente com um novo log HijackThis no próximo post.

=====

Próximo Post adicione como anexos
SUPERAntiSpyware log
Nova HijackThis log

[hannyp]

Este é o SUPERAntiSpyware Resultados:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Produzido em 11/26/2007 às 08:56
Aplicação Versão: 3/9/1008
Core Rules Database Version: 3259
Trace Rules Database Version: 1270
Scan type: Quick Scan
Total Scan Time: 00:09:24
Memória itens digitalizados: 564
Memória ameaças detectadas: 0
Secretaria itens digitalizados: 720
Secretaria ameaças detectadas: 0
Arquivo itens digitalizados: 8656
Arquivo ameaças detectadas: 84
Adware.Tracking Cookie
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@www.burstbeacon [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@archant.122.2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfmigoajiko.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfk4widpifo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ overture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wflokpczkbq.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@stat.errclean [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@ads.associatedconte nt [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ 1070878818 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ DoubleClick [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@ads.pointroll [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ burstnet [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjmywjdjokp.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ atdmt [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ roiservice [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@122.2o7 [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ apmebf [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjlyehcjkdo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wblogncpagp.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ Mediaplex [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ indextools [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wgmyagajsdo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@phillyburbscom.112. 2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ 1069870899 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ servindo-sys [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ questionmarket [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfk4cpcjshq.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ 1057062368 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ adserver [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@rotator.adjuggler [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ Haymarket [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@ad.yieldmanager [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjlyalcpcfo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ adrevolver [3]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ adrevolver [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@ehg-autotrader.hitbox [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ revsci [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ um [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wckigncpmfo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ whatcar [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjkoejdjmgp.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@tracking.webdiversi ty.co [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wglyuiazacp.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ TradeDoubler [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ pistonheads [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wgl4qic5mlp.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@anat.tacoda [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ próximo [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6whkiaodzcfo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ hitbox [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@haynet.adbureau [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@paypal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfliujajshp.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ 1066670941 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wgliglc5aco.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@h.starware [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@edge.ru4 [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wgkiohcpmgo.stats.esomniture [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfkysjazkgp.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@amazonms.122.2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ bluestreak [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@stat.dealtime [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wfliemdzahq.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ 1071238990 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ 1070144314 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjlycmajsfo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ publicidade [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ 1066767647 [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@media.adrevolver [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ Adtech [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjlyqgd5ido.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ dealtime [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ tacoda [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@tracking.summitmedi a.co [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wjmikjczihq.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@www.burstnet [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ StatCounter [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@try.starware [2]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@statse.webtrendsliv e [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah @ clickbank [1]. Txt
C: \ Documents and Settings \ Hannah \ Cookies \ hannah@e-2dj6wbliskcjibo.stats.esomniture [2]. Txt


E aqui é o HijackThis Log:

Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 9:02:38, em 11/26/2007
Plataforma: Windows XP SP2 (WinNT 5/01/2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ WINDOWS \ system32 \ bgsvcgen.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ Program Files \ Norton AntiVirus \ navapsvc.exe
C: \ Program Files \ Norton AntiVirus \ iwp \ NPFMntor.exe
C: \ WINDOWS \ system32 \ HPZipm12.exe
C: \ Arquivos de Programas \ Samsung \ Samsung Network Manager \ SNMWLANService.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Program Files \ Java \ jre1.5.0 \ bin \ jusched.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Arquivos de Programas \ Samsung \ Samsung EDS \ EDSAgent.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ Arquivos de Programas \ Samsung \ AVStation Premium 3,75 \ AVSAgent.exe
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ Arquivos de Programas \ Samsung \ Samsung Battery Manager \ BatteryManager.exe
C: \ Arquivos de Programas \ SAMSUNG \ MagicKBD \ MagicKBD.exe
C: \ Arquivos de Programas \ Samsung \ DisplayManager \ DisplayManager.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ WINDOWS \ SM1BG.EXE
C: \ Arquivos de Programas \ Samsung \ DisplayManager \ dmhkcore.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
C: \ Program Files \ FinePixViewer \ QuickDCF2.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ Microsoft Office \ Office \ Osa.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqSTE08.exe
C: \ Arquivos de Programas \ Samsung \ Samsung Update Plus \ SLUTrayNotifier.exe
C: \ Arquivos de Programas \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
O3 - Toolbar: Norton AntiVirus - (42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6) - C: \ Program Files \ Norton AntiVirus \ NavShExt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ arquivos de programas \ google \ googletoolbar2.dll
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] C: \ Program Files \ Java \ jre1.5.0 \ bin \ jusched.exe
O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [SDE] C: \ Arquivos de Programas \ Samsung \ Samsung EDS \ EDSAgent.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [AVStation Premium 3,75] C: \ Arquivos de Programas \ Samsung \ AVStation Premium 3,75 \ AVSAgent.exe
O4 - HKLM \ .. \ Run: [MagicKeyboard] C: \ Arquivos de Programas \ SAMSUNG \ MagicKBD \ PreMKBD.exe
O4 - HKLM \ .. \ Run: [RestoreIT!] "C: \ Program Files \ Phoenix Technologies Ltd \ RecoverPro_XP \ VBPTASK.EXE" VBStart
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [BatteryManager] C: \ Arquivos de Programas \ Samsung \ Samsung Battery Manager \ BatteryManager.exe
O4 - HKLM \ .. \ Run: [DMHotKey] C: \ Arquivos de Programas \ Samsung \ DisplayManager \ DMLoader.exe
O4 - HKLM \ .. \ Run: [DisplayManager] C: \ Arquivos de Programas \ Samsung \ DisplayManager \ DisplayManager.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [SM1BG] C: \ WINDOWS \ SM1BG.EXE
O4 - HKLM \ .. \ Run: [adiras] adiras.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ WINDOWS \ system32 \ \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Symantec NetDriver Monitor] C: \ PROGRA ~ 1 \ SYMNET ~ 1 \ SNDMon.exe / Consumer
O4 - HKLM \ .. \ Run: [REGSHAVE] C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / AUTORUN
O4 - HKLM \ .. \ Run: [Easy SpyRemover] C: \ Program Files \ Easy SpyRemover \ EasySpyRemover.exe / inteligentes
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [swg] C: \ Arquivos de Programas \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C: \ Arquivos de Programas \ Microsoft Office \ Office \ FindFast.EXE
O4 - Startup: Instituto Startup.lnk = C: \ Arquivos de Programas \ Microsoft Office \ Office \ Osa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Arquivos de Programas \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C: \ Program Files \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
O4 - Global Startup: Exif Launcher 2.lnk =?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O8 - Extra context menu item: & D & ownload & com BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddLink.htm
O8 - Extra context menu item: & D & ownload all vídeo com BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddVideo.htm
O8 - Extra context menu item: & D & ownload all with BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddAllLink.htm
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL = http://www.tiscali.co.uk/broadband
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (6309F0DB-E1B6-4D47-83F0-111ED3BCCD32): NameServer = 212.139.132.24 212.139.132.25
O20 - AppInit_DLLs: sulimo.dat
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - BHA Corporation - C: \ WINDOWS \ system32 \ bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ iwp \ NPFMntor.exe
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C: \ Arquivos de Programas \ Samsung \ Samsung Update Plus \ SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C: \ PROGRA ~ 1 \ common ~ 1 \ SYMANT ~ 1 \ SCRIPT ~ 1 \ SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C: \ Arquivos de Programas \ Samsung \ Samsung Network Manager \ SNMWLANService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
--
Fim do processo - 9092 bytes

Grandes passos a seguir, até consegui-lo.

Obrigado, whats next?

[evilfantasy]

Pode ir a adicionar / remover programas, agora?

Se for o caso vá para lá e procure e desinstalar Oriente Spy Remover.

[hannyp]

Não, eu continuo a receber o aviso aparecer que diz o seguinte:
"Esta operação foi cancelada devido a restrições em efeito neste computador, entre em contato com o seu sistema administator '.

[MJM]

Arranque em modo seguro.

Reinicie o computador e mantê acertando F8. Você deve obter um menu. Escolha o melhor (Safe Mode). Ao selecionar contas não se esqueça de escolher a conta admin.
Vá em Adicionar / Remover Programas. Deverá funcionar. Caso contrário tente matar o processo (que pode ou não ser chamado de "EasySpyRemover.exe" ou similar). Tente acessar adicionar / remover novamente.