Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Guilherme ACP

PC muuuito lento, muitos processos estranhos e pop-up de algum malware que nao sai...

Recommended Posts

Nâo lembro mais como proceder aqui...

abri um topico uma certa vez, mais faz tempo ja...

peço ajuda.

obrigado!!

Compartilhar este post


Link para o post
Compartilhar em outros sites
  • Autor do tópico
  • Lembrei como faz o log do hijackthis...

    Não entendo o q sao esses programas ae...

    Logfile of HijackThis v1.99.1

    Scan saved at 03:30:57, on 17/4/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

    C:\Arquivos de programas\Ahead\InCD\InCD.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

    C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\MSN Messenger\usnsvc.exe

    C:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

    O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

    O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    guilhe_acp,

    - Copie as instruções para o bloco de notas ou imprima!

    - Feche todos os navegadores e execute o HijackThis - Clique em Do a System Scan Only. Marque as caixinhas referentes à(s) entrada(s) relacionada(s) abaixo em azul. Ao final da seleção, clique em Fix Checked...

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

    --|--

    - Por favor, faça um scan on-line em um desses links disponíveis: PANDA ou kASPERSKY

    ...em todos os discos; reserve log...

    • Obs: Usuários do Avast podem receber um alerta ao tentar utilizar o scan do PANDA. Caso receba, ignore ou desabilite o seu anti-vírus temporariamente para fazer o scan.

    - Post um novo log do hijack, do scan on-line e cole-os na sequência.

    Mr. Coruj@

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • o log com o procedimento que você me pediu.

    o scan online eu fiz antes de executar o hijackthis... tem algum problema???

    aguardo resposta.

    obrigado!

    Logfile of HijackThis v1.99.1

    Scan saved at 15:46:52, on 17/4/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

    C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\System32\alg.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Arquivos de programas\MSN Messenger\usnsvc.exe

    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

    O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

    O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • -------------------------------------------------------------------------------

    KASPERSKY ONLINE SCANNER REPORT

    Tuesday, April 17, 2007 3:42:54 PM

    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

    Kaspersky Online Scanner version: 5.0.83.0

    Kaspersky Anti-Virus database last update: 17/04/2007

    Kaspersky Anti-Virus database records: 281224

    -------------------------------------------------------------------------------

    Scan Settings:

    Scan using the following antivirus database: standard

    Scan Archives: true

    Scan Mail Bases: true

    Scan Target - My Computer:

    A:\

    C:\

    D:\

    E:\

    F:\

    Scan Statistics:

    Total number of scanned objects: 46256

    Number of viruses found: 0

    Number of infected objects: 0 / 0

    Number of suspicious objects: 0

    Duration of the scan process: 01:50:49

    Infected Object Name / Virus Name / Last Action

    C:\Documents and Settings\All Users\Dados de aplicativos\Avg7\Log\emc.log Object is locked skipped

    C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log Object is locked skipped

    C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

    C:\Documents and Settings\guilherme\Configurações locais\Dados de aplicativos\Microsoft\Feeds Cache\index.dat Object is locked skipped

    C:\Documents and Settings\guilherme\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\guilherme\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\guilherme\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\guilherme\Configurações locais\Histórico\History.IE5\MSHist012007041720070418\index.dat Object is locked skipped

    C:\Documents and Settings\guilherme\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\guilherme\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\guilherme\ntuser.dat Object is locked skipped

    C:\Documents and Settings\guilherme\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

    C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000650.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000651.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000652.sys Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000653.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000654.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000655.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000656.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000657.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000658.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000659.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000660.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000661.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000662.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000663.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000664.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000665.sys Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000666.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000667.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000668.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000669.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP10\A0000670.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000682.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000683.ocx Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000684.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000685.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000686.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000687.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000688.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000689.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000690.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000691.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000692.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000693.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000694.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000695.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000696.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000697.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000698.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000699.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000700.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000701.ocx Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000702.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000703.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000704.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000705.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000706.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000707.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000708.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000709.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP11\A0000710.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000717.sys Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000718.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000719.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000720.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000721.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000722.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000723.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000724.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000725.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000726.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000727.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000728.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000729.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000730.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000731.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000732.sys Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000733.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000734.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000735.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000736.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP12\A0000737.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000744.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000745.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000746.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000747.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000748.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000749.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000750.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000751.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000752.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000753.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000754.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000755.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000756.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000757.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000758.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000759.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000760.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000761.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000762.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000763.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP13\A0000764.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000771.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000772.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000773.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000774.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000775.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000776.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000777.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000778.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000779.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000780.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000781.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000782.sys Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000783.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000784.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000785.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000786.sys Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000787.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000788.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000789.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000790.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP14\A0000791.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000798.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000799.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000800.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000801.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000802.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000803.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000804.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000805.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP15\A0000806.cnv Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000852.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000853.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000854.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000855.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000856.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000857.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000858.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000859.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000860.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000861.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000862.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000863.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000864.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000865.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000866.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000867.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000868.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000869.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000870.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000871.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000872.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000873.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000874.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000875.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000876.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000877.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000878.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000879.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000880.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000881.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000882.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000883.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000884.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000885.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000886.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000887.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000888.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000889.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000890.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000891.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000892.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000893.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000894.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000895.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000896.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000897.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000898.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000899.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000900.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000901.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000902.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000903.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000904.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000905.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000906.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000907.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000908.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000909.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP16\A0000910.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000937.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000938.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000939.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000940.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000941.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000942.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000943.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000944.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000945.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000946.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000947.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000948.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000949.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000950.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000951.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000952.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000953.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000954.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000955.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP17\A0000956.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000963.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000964.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000965.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000966.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000967.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000968.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000969.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000970.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000971.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000972.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000973.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000974.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000975.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000976.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000977.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000978.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000979.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000980.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000981.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000982.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP18\A0000983.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001401.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001402.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001403.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001404.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001405.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001406.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001407.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001408.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001409.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001410.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001411.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001412.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001413.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001414.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001415.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001416.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001417.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001418.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001419.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001420.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001421.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001422.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP27\A0001423.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001430.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001431.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001432.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001433.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001434.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001435.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001436.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001437.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001438.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001439.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001440.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001441.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001442.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001443.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001444.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001445.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001446.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001447.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001448.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001449.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP28\A0001450.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001458.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001459.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001460.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001461.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001462.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001463.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001464.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001465.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001466.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001467.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001468.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001469.sys Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001470.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001471.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001472.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001473.sys Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001474.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001475.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001476.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001477.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP29\A0001478.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP30\A0001494.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP30\A0001495.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP30\A0001496.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP30\A0001497.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP30\A0001498.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP30\A0001499.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP30\A0001500.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP30\A0001501.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001512.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001513.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001514.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001515.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001516.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001517.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001518.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001519.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001520.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001521.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001522.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001523.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001524.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001525.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001526.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001527.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001528.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001529.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001530.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001531.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001532.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001533.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP31\A0001534.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001544.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001545.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001546.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001547.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001548.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001549.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001550.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001551.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001552.ocx Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001553.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001554.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001555.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001556.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001557.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP32\A0001558.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001603.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001604.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001605.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001606.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001607.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001608.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001609.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001610.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001611.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001612.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001613.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001614.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001615.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001616.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001617.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001618.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001619.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001620.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001621.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001622.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001623.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001624.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001625.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001626.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001627.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001628.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001629.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001630.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001631.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001632.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001633.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001634.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001635.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001636.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001637.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001638.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001639.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001640.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001641.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001642.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001643.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001644.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001645.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001646.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001647.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001648.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001649.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001650.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001651.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001652.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001653.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001654.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001655.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001656.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001657.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001658.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP33\A0001659.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001668.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001669.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001670.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001671.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001672.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001673.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001674.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001675.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001676.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001677.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001678.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001679.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001680.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001681.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001682.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001683.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001684.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001685.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001686.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001687.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001688.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001689.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001690.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001691.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP34\A0001692.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001769.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001770.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001771.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001772.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001773.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001774.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001775.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001776.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001777.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001778.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001779.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001780.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001781.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001782.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001783.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001784.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001785.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001786.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001787.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001788.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001789.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001790.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001791.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001792.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001793.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001794.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001795.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001796.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP39\A0001797.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000278.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000279.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000280.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000281.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000282.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000283.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000284.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000285.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000286.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000287.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000288.tsp Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000289.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000290.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000291.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000292.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000293.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000294.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000295.TSP Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000296.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000297.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000298.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000299.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000300.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000301.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000302.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000303.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000304.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000305.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000306.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000307.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000308.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000309.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000310.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000311.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000312.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000313.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000314.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000315.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000316.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000317.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000318.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000319.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000320.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000321.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000322.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000323.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000324.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000325.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000326.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000327.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000328.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000329.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP4\A0000330.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001805.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001806.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001807.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001808.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001809.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001810.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001811.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001812.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001813.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001814.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001815.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001816.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001817.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001818.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001819.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001820.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001821.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001822.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001823.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001824.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001825.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001826.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001827.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001828.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001829.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001830.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001831.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP40\A0001832.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001879.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001880.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001881.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001882.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001883.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001884.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001885.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001886.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001887.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001888.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001889.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001890.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001891.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001892.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001893.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001894.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001895.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001896.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001897.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001898.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001899.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001900.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP43\A0001901.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000436.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000437.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000438.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000439.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000440.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000441.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000442.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000443.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000444.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000445.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000446.tsp Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000447.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000448.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000449.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000450.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000451.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000452.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000453.TSP Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000454.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000455.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000456.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000457.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000458.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000459.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000460.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000461.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000462.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000463.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000464.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000465.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000466.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000467.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000468.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000469.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000470.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000471.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000472.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000473.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000474.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000475.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000476.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000477.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000478.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000479.dll Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000480.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000481.cat Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000482.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000483.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000484.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000485.inf Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000486.exe Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000487.ver Object is locked skipped

    D:\System Volume Information\_restore{35E71BB3-5700-47D2-82D0-23387757EC9B}\RP5\A0000488.dll Object is locked skipped

    Scan process completed.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    guilhe_acp, aparentemente o seu problema estava apenas no redirecionamento de páginas. Porém, ainda existe, na pasta _restore, muitas cópias de alguma infecção recente. Gostaria de saber se o problema ainda continua, caso contrário, faremos o procedimento final para limpeza desta pasta.

    B)

    Um forte abraço,

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Ainda to com os problemas aqui... o PC fico mais rápido... entrei em modo seguro no ADMINISTRADOR e no meu USUARIO... fiz uma limpa com o AVG e SPYBOT...

    eles detectaram alguns spywares... mais ainda tá aparecendo as pop-ups... e tb tem uns prrocessos estranhos rodando no windows tb... porque o PC ainda tá meio lentnho...

    Gostaria de você me ajudasse para eliminar os problemas...

    Até mais. Obrigado!

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    guilhe_acp, vamos dar uma procurada melhor...

    @- Faça o download do(s) programa(s) relacionado(s) abaixo, mas não execute ainda.

    - Copie as instruções para o bloco de notas ou imprima!

    @- Execute a Ferramenta Blacklight (fsbl.exe) e aceite o acordo: Next >... Como queremos apenas o log, não remova nenhum arquivo que o programa encontrar, já que poderá ser legítimo. Clique em Scan e aguarde...

    Observação: Como o Blacklight busca arquivos escondidos. Não rode-o com algum programa, ativado, que "esconda" pastas e arquivos.

    - Na finalização do scan, o botão Show all processes aparecerá, clique em Close.

    - Reserve o log: fsb-xxxxx.log (xxxxx, são números), que estará no mesmo diretório.

    --|--

    @- Feche todas as janelas abertas e execute a Ferramenta ComboFix.

    • Digite a opção para continuar e <ENTER>.
    • Não abra, nem feche nenhum programa até terminar o scan. Aguarde pacientemente...

    @- Reiniciando em modo normal...

    - Reserve o log: C:\ComboFix.txt

    @- Post os log do Hijack, Blacklight (fsb-xxxxx.log), ComboFix.txt e cole-os na sequência.

    Mr. Coruj@

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Ola Mr Coruj@.

    Segue os logs conforme pedido. Obrigado!!! Aguardo resposta!

    Logfile of HijackThis v1.99.1

    Scan saved at 11:04:40, on 20/4/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

    O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

    O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176981396954

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    04/20/07 11:25:18 [info]: BlackLight Engine 1.0.61 initialized

    04/20/07 11:25:18 [info]: OS: 5.1 build 2600 (Service Pack 2)

    04/20/07 11:25:19 [Note]: 7019 4

    04/20/07 11:25:19 [Note]: 7005 0

    04/20/07 11:25:26 [Note]: 7006 0

    04/20/07 11:25:27 [Note]: 7011 1948

    04/20/07 11:25:28 [Note]: 7026 0

    04/20/07 11:25:29 [Note]: 7026 0

    04/20/07 11:25:33 [Note]: FSRAW library version 1.7.1021

    04/20/07 11:36:49 [Note]: 7007 0

    "guilherme" - 07-04-20 11:38:45 Service Pack 2

    ComboFix 07-04-20.3V - Running from: C:\Documents and Settings\guilherme\Desktop\

    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\lmoqr.bak1

    C:\WINDOWS\system32\lmoqr.bak2

    C:\WINDOWS\system32\lmoqr.ini

    C:\WINDOWS\system32\rqoml.dll

    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    ((((((((((((((((((((((((((((((( Files Created from 2007-03-20 to 2007-04-20 ))))))))))))))))))))))))))))))))))

    2007-04-20 01:12 <DIR> d-------- C:\Arquivos de programas\Lavasoft

    2007-04-19 23:55 127,720 --a------ C:\WINDOWS\system32\mucltui.dll

    2007-04-17 11:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

    2007-04-16 14:48 12,365,943 --------- C:\AVG7QT.DAT

    2007-04-16 13:24 <DIR> d-------- C:\DOCUME~1\GUILHE~1\DADOSD~1\Screenshot Sender

    2007-04-16 13:21 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

    2007-04-16 13:07 <DIR> d-------- C:\DOCUME~1\GUILHE~1\DADOSD~1\Apple Computer

    2007-04-07 07:51 <DIR> d-------- C:\WINDOWS\network diagnostic

    2007-04-07 02:38 <DIR> d-------- C:\WINDOWS\system32\pt-br

    2007-03-31 10:35 <DIR> d-------- C:\DOCUME~1\GUILHE~1\Contacts

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-04-18 12:24 -------- d-------- C:\DOCUME~1\GUILHE~1\DADOSD~1\orbit

    2007-04-18 01:21 -------- d-------- C:\DOCUME~1\GUILHE~1\DADOSD~1\lavasoft

    2007-04-16 13:21 -------- d-------- C:\Arquivos de programas\msn messenger

    2007-04-16 06:24 -------- d-------- C:\Arquivos de programas\wmr11

    2007-04-15 09:36 -------- d-------- C:\Arquivos de programas\orbitdownloader

    2007-04-14 12:42 -------- d-------- C:\Arquivos de programas\getright

    2007-04-11 02:46 1843712 --a------ C:\WINDOWS\system32\win32k.sys

    2007-04-07 13:00 62576 --a------ C:\WINDOWS\system32\perfc016.dat

    2007-04-07 13:00 416394 --a------ C:\WINDOWS\system32\perfh016.dat

    2007-04-07 12:59 -------- d-------- C:\Arquivos de programas\java

    2007-04-01 10:37 -------- d-------- C:\Arquivos de programas\winamp

    2007-03-31 12:23 -------- d-------- C:\Arquivos de programas\gbplugin

    2007-03-24 02:00 -------- d-------- C:\Arquivos de programas\megadown

    2007-03-11 20:11 -------- d-------- C:\Arquivos de programas\programas srf

    2007-03-08 11:36 578048 --a------ C:\WINDOWS\system32\user32.dll

    2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll

    2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll

    2007-02-24 09:03 9216 --a------ C:\WINDOWS\system32\avgwlntf.dll

    2007-02-15 14:34 720896 --a------ C:\WINDOWS\iun6002.exe

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

    {000123B4-9B42-4900-B3F7-F4B073EFC214} C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    {1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\sigwcqoo.dll [x]

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

    {C41A1C0E-EA6C-11D4-B1B8-444553540000} C:\WINDOWS\Downloaded Program Files\gbieh.dll

    {C41A1C0E-EA6C-11D4-B1B8-444553540007} C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

    "AVG7_CC"="C:\\ARQUIV~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"="GbPlugin ShlObj"

    "{E37CB5F0-51F5-4395-A808-5FA49E399007}"="GbPlugin ShlObj"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaaxx

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

    Authentication Packages REG_MULTI_SZ msv1_0\0\0

    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^EPSON Status Monitor 3 Environment Check 2.lnk]

    "path"="C:\\Documents and Settings\\All Users\\Menu Iniciar\\Programas\\Inicializar\\EPSON Status Monitor 3 Environment Check 2.lnk"

    "backup"="C:\\WINDOWS\\pss\\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup"

    "location"="Common Startup"

    "command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_SRCV02.EXE "

    "item"="EPSON Status Monitor 3 Environment Check 2"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^guilherme^Menu Iniciar^Programas^Inicializar^PowerReg Scheduler.exe]

    "path"="C:\\Documents and Settings\\guilherme\\Menu Iniciar\\Programas\\Inicializar\\PowerReg Scheduler.exe"

    "backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup"

    "location"="Startup"

    "command"="C:\\Documents and Settings\\guilherme\\Menu Iniciar\\Programas\\Inicializar\\PowerReg Scheduler.exe"

    "item"="PowerReg Scheduler"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="ashDisp"

    "hkey"="HKLM"

    "command"="C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="ctfmon"

    "hkey"="HKCU"

    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"

    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="InCD"

    "hkey"="HKLM"

    "command"="C:\\Arquivos de programas\\Ahead\\InCD\\InCD.exe"

    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="MsgPlus"

    "hkey"="HKLM"

    "command"="\"C:\\Arquivos de programas\\MessengerPlus! 3\\MsgPlus.exe\""

    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="msmsgs"

    "hkey"="HKCU"

    "command"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background"

    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="NeroCheck"

    "hkey"="HKLM"

    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="jusched"

    "hkey"="HKLM"

    "command"="C:\\Arquivos de programas\\Java\\jre1.5.0_06\\bin\\jusched.exe"

    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

    NetworkService REG_MULTI_SZ DnsCache\0\0

    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

    rpcss REG_MULTI_SZ RpcSs\0\0

    imgsvc REG_MULTI_SZ StiSvc\0\0

    termsvcs REG_MULTI_SZ TermService\0\0

    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20070417-154557-402

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

    backup-20070417-154557-672

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

    backup-20070417-154557-819

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

    backup-20070417-154557-442

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    backup-20070417-154557-405

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    backup-20070417-154557-232

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

    backup-20070417-154557-249

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

    backup-20070417-154557-627

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    backup-20070417-154557-129

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

    backup-20060723-013905-580

    O20 - Winlogon Notify: winsor32 - winsor32.dll (file missing)

    backup-20060723-013905-889

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

    backup-20060723-013905-150

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

    backup-20060723-013905-626

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

    backup-20060723-013905-572

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    backup-20060723-013905-135

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

    backup-20060723-013905-903

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    backup-20060723-013905-722

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

    backup-20060723-013905-437

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com

    backup-20060723-013905-704

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

    backup-20060723-013905-615

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

    backup-20060723-013905-326

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

    backup-20060723-013905-983

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

    backup-20060723-013905-711

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

    Contents of the 'Scheduled Tasks' folder

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006

    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden processes: 0

    hidden services: 0

    hidden files: 0

    ********************************************************************

    Completion time: 07-04-20 11:45:13 - machine was rebooted

    C:\ComboFix-quarantined-files.txt ... 07-04-20 11:45

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Mais uma ultima coisa... andei observando que um arquivo chamado svchost.exe anda ocupando sempre altas porcentagens do meu CPU quando executo algum programa do tipo internet explorer. E isso, pelo que parece, dificulta a execuçao de algum programa mais pesado... tipo e-mule.

    Obrigado!!

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    guilhe_acp, problema localizado... Vamos aos procedimentos!

    Observação: Não abra nenhum navegador durante os procedimentos, ok?

    @- Faça o download do programa abaixo, a descompactação e reserve-o em uma pasta própria ou em seu desktop.

    - Copie as instruções para o bloco de notas ou imprima!

    @- Execute a Ferramenta avenger.exe. Confirme: OK.

    • Dentre as opções em "Script file to execute", selecione "Input Script Manually".
    • Clique no ícone da lupa.
    • Copie (Ctrl+C) o conteúdo (em vermelho) do "Código" abaixo e cole-o (Ctrl+V) em "View/edit script".
      [color=#993300][b]Files to delete:
      C:\WINDOWS\system32\lmoqr.bak1
      C:\WINDOWS\system32\lmoqr.bak2
      C:\WINDOWS\system32\lmoqr.ini
      C:\WINDOWS\system32\rqoml.dll
      C:\WINDOWS\iun6002.exe
      C:\WINDOWS\system32\sigwcqoo.dll

      registry keys to delete:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1557B435-8242-4686-9AA3-9265BF7525A4}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccaaxx[/b][/color]

    • Clique em "Done".
    • Clique no ícone do semáforo para começar o script de remoção. Confirme: OK.

    - O computador reiniciará automaticamente...

    @- Reiniciando em modo normal.

    - Reserve o log: C:\avenger.txt

    --|--

    @- Execute a Ferramenta VundoFix.exe.

    • clique em Scan for Vundo e aguarde pacientemente...
    • Quando terminar o scan, clique em Remove Vundo.
    • Clique Yes à pergunta: "Se deseja remover os arquivos". O desktop vai sumir... Isto é normal.
    • Clique OK à pergunta: "Se deseja desligar o computador".
    • Ligue novamente o computador.

    - Reserve o log: ...\vundofix.txt

    - Execute a Ferramenta ATF-Cleaner.exe. Marque a opção Select All e clique em Empty Selected. Aparecerá uma janela "Done Cleaning". Clique em OK e Exit.

    @- Verifique se o problema continua, copie outro log do Hijack (atualizado), do Avenger.txt, vundofix.txt e cole-os na sequência.

    Mr. Coruj@

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Ola Mr. Coruj@

    Executei os programas que você me falou... e segue os logs abaixo. porém, parece que alguns daqueles arquivos (em vermelho, logo abaixo) estão em uma pasta chamada QooBox que eu nao sei da onde surgiu... hehehe. Aguardo resposta. Obrigado!!

    C:\WINDOWS\system32\lmoqr.bak1

    C:\WINDOWS\system32\lmoqr.bak2

    C:\WINDOWS\system32\lmoqr.ini

    C:\WINDOWS\system32\rqoml.dll

    Logfile of HijackThis v1.99.1

    Scan saved at 02:45:23, on 21/4/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

    C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\System32\alg.exe

    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

    O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

    O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176981396954

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    Logfile of The Avenger version 1, by Swandog46

    Running from registry key:

    \Registry\Machine\System\CurrentControlSet\Services\jkishiqd

    *******************

    Script file located at: \??\C:\WINDOWS\system32\tdvlacpe.txt

    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\system32\lmoqr.bak1 not found!

    Deletion of file C:\WINDOWS\system32\lmoqr.bak1 failed!

    Could not process line:

    C:\WINDOWS\system32\lmoqr.bak1

    Status: 0xc0000034

    File C:\WINDOWS\system32\lmoqr.bak2 not found!

    Deletion of file C:\WINDOWS\system32\lmoqr.bak2 failed!

    Could not process line:

    C:\WINDOWS\system32\lmoqr.bak2

    Status: 0xc0000034

    File C:\WINDOWS\system32\lmoqr.ini not found!

    Deletion of file C:\WINDOWS\system32\lmoqr.ini failed!

    Could not process line:

    C:\WINDOWS\system32\lmoqr.ini

    Status: 0xc0000034

    File C:\WINDOWS\system32\rqoml.dll not found!

    Deletion of file C:\WINDOWS\system32\rqoml.dll failed!

    Could not process line:

    C:\WINDOWS\system32\rqoml.dll

    Status: 0xc0000034

    File C:\WINDOWS\iun6002.exe deleted successfully.

    File C:\WINDOWS\system32\sigwcqoo.dll not found!

    Deletion of file C:\WINDOWS\system32\sigwcqoo.dll failed!

    Could not process line:

    C:\WINDOWS\system32\sigwcqoo.dll

    Status: 0xc0000034

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1557B435-8242-4686-9AA3-9265BF7525A4} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccaaxx deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    VundoFix V6.3.19

    Checking Java version...

    Sun Java not detected

    Scan started at 02:27:40 21/4/2007

    Listing files found while scanning....

    No infected files were found.

    Beginning removal...

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    guilhe_acp,

    o ComboFix já havia feito o favor de apagar alguns arquivos, porém coloquei um reforço para evitar um possível retorno do problema. A QooBox é uma pasta de backup criada pelo ComboFix, já pode ser deletada. Acredito que agora o problema tenha sido resolvido. :)

    O seu log está LIMPO! Mais algum problema relacionado com os malwares?

    Se até amanhã o seu sistema não apresentar nenhum problema, desabilite e reabilite a Restauração do Sistema.

    Poderá clicar no botão REPORTAR, informar ao moderador da área que o problema foi resolvido e que o tópico já pode ser fechado.

    Conte sempre com a ajuda do pessoal do fórum do Clube do Hardware.

    Obrigado pelo retorno e um forte abraço!

    _________________________________

    Mr. Coruj@

    Botão Reportar: (report.gif /report.gif)

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Aparentemente tudo em ordem Mr. Coruj@

    Eu gostaria de agradecer pela valiosissima ajuda. Foi uma contribuição importante.

    Obrigado e sucesso nos novos problemas a serem resolvidos!

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites





    Sobre o Clube do Hardware

    No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

    Direitos autorais

    Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

    ×