Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Guilherme ACP

PC muuuito lento, muitos processos estranhos e pop-up de algum malware que nao sai...

Recommended Posts

Nâo lembro mais como proceder aqui...

abri um topico uma certa vez, mais faz tempo ja...

peço ajuda.

obrigado!!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Lembrei como faz o log do hijackthis...

Não entendo o q sao esses programas ae...

Logfile of HijackThis v1.99.1

Scan saved at 03:30:57, on 17/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Compartilhar este post


Link para o post
Compartilhar em outros sites

guilhe_acp,

- Copie as instruções para o bloco de notas ou imprima!

- Feche todos os navegadores e execute o HijackThis - Clique em Do a System Scan Only. Marque as caixinhas referentes à(s) entrada(s) relacionada(s) abaixo em azul. Ao final da seleção, clique em Fix Checked...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

--|--

- Por favor, faça um scan on-line em um desses links disponíveis: PANDA ou kASPERSKY

...em todos os discos; reserve log...

  • Obs: Usuários do Avast podem receber um alerta ao tentar utilizar o scan do PANDA. Caso receba, ignore ou desabilite o seu anti-vírus temporariamente para fazer o scan.

- Post um novo log do hijack, do scan on-line e cole-os na sequência.

Mr. Coruj@

Compartilhar este post


Link para o post
Compartilhar em outros sites

o log com o procedimento que você me pediu.

o scan online eu fiz antes de executar o hijackthis... tem algum problema???

aguardo resposta.

obrigado!

Logfile of HijackThis v1.99.1

Scan saved at 15:46:52, on 17/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Compartilhar este post


Link para o post
Compartilhar em outros sites

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Tuesday, April 17, 2007 3:42:54 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 17/04/2007

Kaspersky Anti-Virus database records: 281224

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

Scan Statistics:

Total number of scanned objects: 46256

Number of viruses found: 0

Number of infected objects: 0 / 0

Number of suspicious objects: 0

Duration of the scan process: 01:50:49

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Dados de aplicativos\Avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\guilherme\Configurações locais\Dados de aplicativos\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\guilherme\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\guilherme\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\guilherme\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\guilherme\Configurações locais\Histórico\History.IE5\MSHist012007041720070418\index.dat Object is locked skipped

C:\Documents and Settings\guilherme\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\guilherme\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\guilherme\ntuser.dat Object is locked skipped

C:\Documents and Settings\guilherme\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000650.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000651.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000652.sys Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000653.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000654.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000655.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000656.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000657.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000658.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000659.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000660.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000661.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000662.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000663.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000664.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000665.sys Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000666.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000667.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000668.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000669.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000670.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000682.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000683.ocx Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000684.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000685.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000686.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000687.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000688.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000689.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000690.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000691.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000692.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000693.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000694.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000695.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000696.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000697.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000698.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000699.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000700.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000701.ocx Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000702.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000703.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000704.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000705.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000706.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000707.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000708.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000709.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000710.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000717.sys Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000718.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000719.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000720.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000721.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000722.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000723.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000724.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000725.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000726.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000727.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000728.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000729.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000730.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000731.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000732.sys Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000733.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000734.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000735.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000736.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000737.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000744.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000745.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000746.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000747.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000748.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000749.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000750.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000751.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000752.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000753.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000754.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000755.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000756.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000757.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000758.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000759.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000760.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000761.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000762.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000763.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000764.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000771.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000772.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000773.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000774.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000775.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000776.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000777.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000778.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000779.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000780.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000781.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000782.sys Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000783.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000784.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000785.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000786.sys Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000787.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000788.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000789.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000790.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000791.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000798.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000799.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000800.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000801.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000802.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000803.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000804.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000805.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000806.cnv Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000852.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000853.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000854.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000855.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000856.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000857.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000858.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000859.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000860.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000861.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000862.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000863.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000864.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000865.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000866.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000867.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000868.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000869.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000870.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000871.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000872.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000873.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000874.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000875.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000876.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000877.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000878.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000879.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000880.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000881.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000882.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000883.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000884.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000885.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000886.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000887.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000888.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000889.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000890.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000891.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000892.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000893.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000894.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000895.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000896.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000897.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000898.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000899.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000900.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000901.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000902.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000903.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000904.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000905.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000906.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000907.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000908.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000909.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000910.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000937.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000938.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000939.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000940.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000941.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000942.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000943.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000944.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000945.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000946.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000947.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000948.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000949.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000950.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000951.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000952.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000953.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000954.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000955.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000956.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000963.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000964.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000965.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000966.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000967.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000968.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000969.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000970.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000971.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000972.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000973.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000974.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000975.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000976.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000977.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000978.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000979.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000980.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000981.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000982.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000983.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001401.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001402.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001403.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001404.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001405.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001406.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001407.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001408.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001409.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001410.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001411.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001412.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001413.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001414.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001415.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001416.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001417.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001418.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001419.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001420.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001421.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001422.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001423.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001430.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001431.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001432.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001433.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001434.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001435.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001436.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001437.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001438.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001439.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001440.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001441.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001442.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001443.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001444.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001445.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001446.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001447.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001448.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001449.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001450.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001458.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001459.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001460.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001461.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001462.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001463.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001464.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001465.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001466.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001467.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001468.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001469.sys Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001470.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001471.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001472.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001473.sys Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001474.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001475.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001476.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001477.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001478.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP30\A0001494.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP30\A0001495.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP30\A0001496.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP30\A0001497.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP30\A0001498.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP30\A0001499.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP30\A0001500.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP30\A0001501.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001512.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001513.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001514.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001515.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001516.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001517.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001518.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001519.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001520.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001521.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001522.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001523.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001524.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001525.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001526.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001527.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001528.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001529.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001530.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001531.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001532.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001533.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001534.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001544.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001545.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001546.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001547.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001548.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001549.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001550.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001551.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001552.ocx Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001553.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001554.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001555.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001556.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001557.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001558.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001603.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001604.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001605.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001606.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001607.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001608.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001609.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001610.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001611.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001612.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001613.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001614.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001615.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001616.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001617.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001618.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001619.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001620.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001621.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001622.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001623.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001624.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001625.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001626.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001627.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001628.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001629.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001630.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001631.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001632.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001633.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001634.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001635.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001636.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001637.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001638.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001639.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001640.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001641.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001642.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001643.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001644.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001645.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001646.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001647.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001648.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001649.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001650.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001651.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001652.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001653.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001654.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001655.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001656.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001657.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001658.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001659.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001668.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001669.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001670.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001671.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001672.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001673.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001674.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001675.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001676.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001677.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001678.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001679.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001680.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001681.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001682.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001683.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001684.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001685.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001686.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001687.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001688.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001689.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001690.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001691.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001692.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001769.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001770.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001771.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001772.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001773.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001774.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001775.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001776.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001777.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001778.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001779.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001780.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001781.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001782.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001783.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001784.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001785.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001786.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001787.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001788.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001789.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001790.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001791.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001792.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001793.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001794.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001795.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001796.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001797.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000278.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000279.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000280.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000281.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000282.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000283.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000284.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000285.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000286.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000287.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000288.tsp Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000289.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000290.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000291.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000292.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000293.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000294.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000295.TSP Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000296.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000297.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000298.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000299.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000300.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000301.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000302.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000303.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000304.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000305.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000306.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000307.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000308.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000309.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000310.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000311.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000312.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000313.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000314.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000315.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000316.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000317.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000318.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000319.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000320.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000321.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000322.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000323.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000324.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000325.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000326.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000327.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000328.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000329.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000330.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001805.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001806.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001807.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001808.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001809.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001810.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001811.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001812.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001813.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001814.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001815.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001816.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001817.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001818.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001819.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001820.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001821.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001822.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001823.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001824.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001825.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001826.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001827.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001828.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001829.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001830.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001831.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001832.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001879.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001880.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001881.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001882.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001883.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001884.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001885.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001886.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001887.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001888.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001889.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001890.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001891.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001892.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001893.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001894.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001895.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001896.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001897.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001898.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001899.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001900.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001901.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000436.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000437.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000438.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000439.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000440.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000441.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000442.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000443.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000444.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000445.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000446.tsp Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000447.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000448.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000449.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000450.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000451.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000452.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000453.TSP Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000454.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000455.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000456.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000457.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000458.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000459.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000460.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000461.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000462.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000463.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000464.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000465.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000466.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000467.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000468.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000469.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000470.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000471.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000472.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000473.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000474.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000475.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000476.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000477.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000478.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000479.dll Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000480.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000481.cat Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000482.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000483.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000484.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000485.inf Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000486.exe Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000487.ver Object is locked skipped

D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000488.dll Object is locked skipped

Scan process completed.

Compartilhar este post


Link para o post
Compartilhar em outros sites

guilhe_acp, aparentemente o seu problema estava apenas no redirecionamento de páginas. Porém, ainda existe, na pasta _restore, muitas cópias de alguma infecção recente. Gostaria de saber se o problema ainda continua, caso contrário, faremos o procedimento final para limpeza desta pasta.

B)

Um forte abraço,

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ainda to com os problemas aqui... o PC fico mais rápido... entrei em modo seguro no ADMINISTRADOR e no meu USUARIO... fiz uma limpa com o AVG e SPYBOT...

eles detectaram alguns spywares... mais ainda tá aparecendo as pop-ups... e tb tem uns prrocessos estranhos rodando no windows tb... porque o PC ainda tá meio lentnho...

Gostaria de você me ajudasse para eliminar os problemas...

Até mais. Obrigado!

Compartilhar este post


Link para o post
Compartilhar em outros sites

guilhe_acp, vamos dar uma procurada melhor...

@- Faça o download do(s) programa(s) relacionado(s) abaixo, mas não execute ainda.

- Copie as instruções para o bloco de notas ou imprima!

@- Execute a Ferramenta Blacklight (fsbl.exe) e aceite o acordo: Next >... Como queremos apenas o log, não remova nenhum arquivo que o programa encontrar, já que poderá ser legítimo. Clique em Scan e aguarde...

Observação: Como o Blacklight busca arquivos escondidos. Não rode-o com algum programa, ativado, que "esconda" pastas e arquivos.

- Na finalização do scan, o botão Show all processes aparecerá, clique em Close.

- Reserve o log: fsb-xxxxx.log (xxxxx, são números), que estará no mesmo diretório.

--|--

@- Feche todas as janelas abertas e execute a Ferramenta ComboFix.

  • Digite a opção para continuar e <ENTER>.
  • Não abra, nem feche nenhum programa até terminar o scan. Aguarde pacientemente...

@- Reiniciando em modo normal...

- Reserve o log: C:\ComboFix.txt

@- Post os log do Hijack, Blacklight (fsb-xxxxx.log), ComboFix.txt e cole-os na sequência.

Mr. Coruj@

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ola Mr Coruj@.

Segue os logs conforme pedido. Obrigado!!! Aguardo resposta!

Logfile of HijackThis v1.99.1

Scan saved at 11:04:40, on 20/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176981396954

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

04/20/07 11:25:18 [info]: BlackLight Engine 1.0.61 initialized

04/20/07 11:25:18 [info]: OS: 5.1 build 2600 (Service Pack 2)

04/20/07 11:25:19 [Note]: 7019 4

04/20/07 11:25:19 [Note]: 7005 0

04/20/07 11:25:26 [Note]: 7006 0

04/20/07 11:25:27 [Note]: 7011 1948

04/20/07 11:25:28 [Note]: 7026 0

04/20/07 11:25:29 [Note]: 7026 0

04/20/07 11:25:33 [Note]: FSRAW library version 1.7.1021

04/20/07 11:36:49 [Note]: 7007 0

"guilherme" - 07-04-20 11:38:45 Service Pack 2

ComboFix 07-04-20.3V - Running from: C:\Documents and Settings\guilherme\Desktop\

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\lmoqr.bak1

C:\WINDOWS\system32\lmoqr.bak2

C:\WINDOWS\system32\lmoqr.ini

C:\WINDOWS\system32\rqoml.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((( Files Created from 2007-03-20 to 2007-04-20 ))))))))))))))))))))))))))))))))))

2007-04-20 01:12 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2007-04-19 23:55 127,720 --a------ C:\WINDOWS\system32\mucltui.dll

2007-04-17 11:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-04-16 14:48 12,365,943 --------- C:\AVG7QT.DAT

2007-04-16 13:24 <DIR> d-------- C:\DOCUME~1\GUILHE~1\DADOSD~1\Screenshot Sender

2007-04-16 13:21 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-04-16 13:07 <DIR> d-------- C:\DOCUME~1\GUILHE~1\DADOSD~1\Apple Computer

2007-04-07 07:51 <DIR> d-------- C:\WINDOWS\network diagnostic

2007-04-07 02:38 <DIR> d-------- C:\WINDOWS\system32\pt-br

2007-03-31 10:35 <DIR> d-------- C:\DOCUME~1\GUILHE~1\Contacts

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-18 12:24 -------- d-------- C:\DOCUME~1\GUILHE~1\DADOSD~1\orbit

2007-04-18 01:21 -------- d-------- C:\DOCUME~1\GUILHE~1\DADOSD~1\lavasoft

2007-04-16 13:21 -------- d-------- C:\Arquivos de programas\msn messenger

2007-04-16 06:24 -------- d-------- C:\Arquivos de programas\wmr11

2007-04-15 09:36 -------- d-------- C:\Arquivos de programas\orbitdownloader

2007-04-14 12:42 -------- d-------- C:\Arquivos de programas\getright

2007-04-11 02:46 1843712 --a------ C:\WINDOWS\system32\win32k.sys

2007-04-07 13:00 62576 --a------ C:\WINDOWS\system32\perfc016.dat

2007-04-07 13:00 416394 --a------ C:\WINDOWS\system32\perfh016.dat

2007-04-07 12:59 -------- d-------- C:\Arquivos de programas\java

2007-04-01 10:37 -------- d-------- C:\Arquivos de programas\winamp

2007-03-31 12:23 -------- d-------- C:\Arquivos de programas\gbplugin

2007-03-24 02:00 -------- d-------- C:\Arquivos de programas\megadown

2007-03-11 20:11 -------- d-------- C:\Arquivos de programas\programas srf

2007-03-08 11:36 578048 --a------ C:\WINDOWS\system32\user32.dll

2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll

2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll

2007-02-24 09:03 9216 --a------ C:\WINDOWS\system32\avgwlntf.dll

2007-02-15 14:34 720896 --a------ C:\WINDOWS\iun6002.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{000123B4-9B42-4900-B3F7-F4B073EFC214} C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\sigwcqoo.dll [x]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

{C41A1C0E-EA6C-11D4-B1B8-444553540000} C:\WINDOWS\Downloaded Program Files\gbieh.dll

{C41A1C0E-EA6C-11D4-B1B8-444553540007} C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"AVG7_CC"="C:\\ARQUIV~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"="GbPlugin ShlObj"

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"="GbPlugin ShlObj"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaaxx

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^EPSON Status Monitor 3 Environment Check 2.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Iniciar\\Programas\\Inicializar\\EPSON Status Monitor 3 Environment Check 2.lnk"

"backup"="C:\\WINDOWS\\pss\\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_SRCV02.EXE "

"item"="EPSON Status Monitor 3 Environment Check 2"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^guilherme^Menu Iniciar^Programas^Inicializar^PowerReg Scheduler.exe]

"path"="C:\\Documents and Settings\\guilherme\\Menu Iniciar\\Programas\\Inicializar\\PowerReg Scheduler.exe"

"backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup"

"location"="Startup"

"command"="C:\\Documents and Settings\\guilherme\\Menu Iniciar\\Programas\\Inicializar\\PowerReg Scheduler.exe"

"item"="PowerReg Scheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ashDisp"

"hkey"="HKLM"

"command"="C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ctfmon"

"hkey"="HKCU"

"command"="C:\\WINDOWS\\system32\\ctfmon.exe"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="InCD"

"hkey"="HKLM"

"command"="C:\\Arquivos de programas\\Ahead\\InCD\\InCD.exe"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="MsgPlus"

"hkey"="HKLM"

"command"="\"C:\\Arquivos de programas\\MessengerPlus! 3\\MsgPlus.exe\""

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msmsgs"

"hkey"="HKCU"

"command"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="jusched"

"hkey"="HKLM"

"command"="C:\\Arquivos de programas\\Java\\jre1.5.0_06\\bin\\jusched.exe"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070417-154557-402

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

backup-20070417-154557-672

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

backup-20070417-154557-819

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

backup-20070417-154557-442

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

backup-20070417-154557-405

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

backup-20070417-154557-232

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

backup-20070417-154557-249

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

backup-20070417-154557-627

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

backup-20070417-154557-129

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

backup-20060723-013905-580

O20 - Winlogon Notify: winsor32 - winsor32.dll (file missing)

backup-20060723-013905-889

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

backup-20060723-013905-150

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

backup-20060723-013905-626

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

backup-20060723-013905-572

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

backup-20060723-013905-135

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

backup-20060723-013905-903

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

backup-20060723-013905-722

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

backup-20060723-013905-437

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com

backup-20060723-013905-704

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

backup-20060723-013905-615

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

backup-20060723-013905-326

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

backup-20060723-013905-983

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

backup-20060723-013905-711

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

********************************************************************

Completion time: 07-04-20 11:45:13 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 07-04-20 11:45

Compartilhar este post


Link para o post
Compartilhar em outros sites

Mais uma ultima coisa... andei observando que um arquivo chamado svchost.exe anda ocupando sempre altas porcentagens do meu CPU quando executo algum programa do tipo internet explorer. E isso, pelo que parece, dificulta a execuçao de algum programa mais pesado... tipo e-mule.

Obrigado!!

Compartilhar este post


Link para o post
Compartilhar em outros sites

guilhe_acp, problema localizado... Vamos aos procedimentos!

Observação: Não abra nenhum navegador durante os procedimentos, ok?

@- Faça o download do programa abaixo, a descompactação e reserve-o em uma pasta própria ou em seu desktop.

- Copie as instruções para o bloco de notas ou imprima!

@- Execute a Ferramenta avenger.exe. Confirme: OK.

  • Dentre as opções em "Script file to execute", selecione "Input Script Manually".
  • Clique no ícone da lupa.
  • Copie (Ctrl+C) o conteúdo (em vermelho) do "Código" abaixo e cole-o (Ctrl+V) em "View/edit script".
    [color=#993300][b]Files to delete:
    C:\WINDOWS\system32\lmoqr.bak1
    C:\WINDOWS\system32\lmoqr.bak2
    C:\WINDOWS\system32\lmoqr.ini
    C:\WINDOWS\system32\rqoml.dll
    C:\WINDOWS\iun6002.exe
    C:\WINDOWS\system32\sigwcqoo.dll

    registry keys to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1557B435-8242-4686-9AA3-9265BF7525A4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccaaxx[/b][/color]

  • Clique em "Done".
  • Clique no ícone do semáforo para começar o script de remoção. Confirme: OK.

- O computador reiniciará automaticamente...

@- Reiniciando em modo normal.

- Reserve o log: C:\avenger.txt

--|--

@- Execute a Ferramenta VundoFix.exe.

  • clique em Scan for Vundo e aguarde pacientemente...
  • Quando terminar o scan, clique em Remove Vundo.
  • Clique Yes à pergunta: "Se deseja remover os arquivos". O desktop vai sumir... Isto é normal.
  • Clique OK à pergunta: "Se deseja desligar o computador".
  • Ligue novamente o computador.

- Reserve o log: ...\vundofix.txt

- Execute a Ferramenta ATF-Cleaner.exe. Marque a opção Select All e clique em Empty Selected. Aparecerá uma janela "Done Cleaning". Clique em OK e Exit.

@- Verifique se o problema continua, copie outro log do Hijack (atualizado), do Avenger.txt, vundofix.txt e cole-os na sequência.

Mr. Coruj@

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ola Mr. Coruj@

Executei os programas que você me falou... e segue os logs abaixo. porém, parece que alguns daqueles arquivos (em vermelho, logo abaixo) estão em uma pasta chamada QooBox que eu nao sei da onde surgiu... hehehe. Aguardo resposta. Obrigado!!

C:\WINDOWS\system32\lmoqr.bak1

C:\WINDOWS\system32\lmoqr.bak2

C:\WINDOWS\system32\lmoqr.ini

C:\WINDOWS\system32\rqoml.dll

Logfile of HijackThis v1.99.1

Scan saved at 02:45:23, on 21/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176981396954

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\jkishiqd

*******************

Script file located at: \??\C:\WINDOWS\system32\tdvlacpe.txt

Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\lmoqr.bak1 not found!

Deletion of file C:\WINDOWS\system32\lmoqr.bak1 failed!

Could not process line:

C:\WINDOWS\system32\lmoqr.bak1

Status: 0xc0000034

File C:\WINDOWS\system32\lmoqr.bak2 not found!

Deletion of file C:\WINDOWS\system32\lmoqr.bak2 failed!

Could not process line:

C:\WINDOWS\system32\lmoqr.bak2

Status: 0xc0000034

File C:\WINDOWS\system32\lmoqr.ini not found!

Deletion of file C:\WINDOWS\system32\lmoqr.ini failed!

Could not process line:

C:\WINDOWS\system32\lmoqr.ini

Status: 0xc0000034

File C:\WINDOWS\system32\rqoml.dll not found!

Deletion of file C:\WINDOWS\system32\rqoml.dll failed!

Could not process line:

C:\WINDOWS\system32\rqoml.dll

Status: 0xc0000034

File C:\WINDOWS\iun6002.exe deleted successfully.

File C:\WINDOWS\system32\sigwcqoo.dll not found!

Deletion of file C:\WINDOWS\system32\sigwcqoo.dll failed!

Could not process line:

C:\WINDOWS\system32\sigwcqoo.dll

Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1557B435-8242-4686-9AA3-9265BF7525A4} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccaaxx deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

VundoFix V6.3.19

Checking Java version...

Sun Java not detected

Scan started at 02:27:40 21/4/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

Compartilhar este post


Link para o post
Compartilhar em outros sites

guilhe_acp,

o ComboFix já havia feito o favor de apagar alguns arquivos, porém coloquei um reforço para evitar um possível retorno do problema. A QooBox é uma pasta de backup criada pelo ComboFix, já pode ser deletada. Acredito que agora o problema tenha sido resolvido. :)

O seu log está LIMPO! Mais algum problema relacionado com os malwares?

Se até amanhã o seu sistema não apresentar nenhum problema, desabilite e reabilite a Restauração do Sistema.

Poderá clicar no botão REPORTAR, informar ao moderador da área que o problema foi resolvido e que o tópico já pode ser fechado.

Conte sempre com a ajuda do pessoal do fórum do Clube do Hardware.

Obrigado pelo retorno e um forte abraço!

_________________________________

Mr. Coruj@

Botão Reportar: (report.gif /report.gif)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Aparentemente tudo em ordem Mr. Coruj@

Eu gostaria de agradecer pela valiosissima ajuda. Foi uma contribuição importante.

Obrigado e sucesso nos novos problemas a serem resolvidos!

Compartilhar este post


Link para o post
Compartilhar em outros sites





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×