Pihuwzeus

Please analyze my log!!

Pihuwzeus    0

I caught a virus today that messed with some things in the registry, but I think I managed to remove it. I'd like you to analyze my log to see whether this trojan was removed completely. Here it is:

Logfile of HijackThis v1.99.1

Scan saved at 15:21:00, on 5/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\pctspk.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Mauricio\Meus documentos\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.click21.com.br/

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [winlsmss] C:\WINDOWS\SMSS.EXE %1

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &Pesquisa do Google - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Traduzir palavra em inglês - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Instantâneo da página em cache - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Links para esta página - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Páginas semelhantes - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_30.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_43.cab

O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/gamehouse/tumblebugs/axhost.cab

O16 - DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Pirate) - http://200.212.184.212/g_bin/eng/pirate_2_0_0_25.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://200.212.184.212/g_bin/eng/words_2_0_0_46.cab

O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.atrativa.com.br/DinerDash.1.0.0.58.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/popcap/chuzzle/popcaploader.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_28.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

One more thing: because of this virus I can no longer set a wallpaper. Does anyone know what might have happened?

Thank you!!

Mr. Coruj@    0

Pihuwzeus,

@- Run HijackThis - Click Do a System Scan Only. Check the box(es) for the entry(ies) listed below in blue. When you have finished selecting, click Fix Checked...

O4 - HKLM\..\Run: [winlsmss] C:\WINDOWS\SMSS.EXE %1

O4 - HKCU\..\Run: [brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe

O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

--|--

@- Download ComboFix;

- Copy the instructions to Notepad or print them!

@- Close all open windows and run the ComboFix tool.

  • Type the option to continue and press <ENTER>.
  • Do not open or close any program until the scan finishes. Wait patiently...

@- If necessary, the program will restart your computer. Restart in normal mode...

- Save the log: C:\ComboFix.txt

@- Post the HijackThis log (updated) and ComboFix.txt, pasting them one after the other.

Mr. Coruj@
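
An added example, not part of the original posts and not HijackThis code: a small triage script that parses HijackThis-format lines and applies three structural checks to the O4 and O20 sections that the reply above selects entries from. The rule names, the core-process list and the stock Windows XP Notify list are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import ntpath  # Windows path rules regardless of the OS running this script
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [winlsmss] C:\WINDOWS\SMSS.EXE %1
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

# Assumption of this example: core Windows process images that belong in
# \WINDOWS\system32, so the same file name elsewhere suggests masquerading.
CORE_PROCESS_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe",
                      "services.exe", "lsass.exe", "svchost.exe"}

# Assumption of this example: Winlogon Notify packages of a stock Windows XP
# install. Anything else is third-party code loaded by winlogon.exe.
STOCK_XP_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                   "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|scr|bat))', re.IGNORECASE)


def check_run(body):
    """O4 registry Run entry: flag a core-process name in the wrong folder."""
    run = RUN_RE.match(body)
    exe = EXE_RE.match(run["cmd"]) if run else None
    if not exe:
        return None
    path = exe["exe"]
    folder = ntpath.dirname(path).lower()
    name = ntpath.basename(path).lower()
    # A bare file name (no folder) is resolved via PATH, so it is skipped.
    if name in CORE_PROCESS_NAMES and folder and not folder.endswith("\\system32"):
        return "core-process name outside system32"
    return None


def check_o20(body):
    """O20: AppInit_DLLs values and Winlogon Notify packages."""
    kind, _, value = body.partition(": ")
    if kind == "AppInit_DLLs" and value.strip():
        # Listed files are loaded into every process that loads user32.dll.
        return "AppInit_DLLs is non-empty"
    if kind == "Winlogon Notify":
        package = value.split(" - ", 1)[0].strip().lower()
        if package not in STOCK_XP_NOTIFY:
            return "non-stock Winlogon Notify package"
    return None


def triage(log_text):
    """Return (section code, reason, entry text) for entries needing review."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header lines, running processes, blank lines
        code, body = entry["code"], entry["body"]
        reason = None
        if code == "O4":
            reason = check_run(body)
        elif code == "O20":
            reason = check_o20(body)
        if reason:
            findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code}: {reason}: {body}")
```

On the sample, the rules flag the winlsmss, AppInit_DLLs, A3dxq and rpcc lines. The brave-Sentry Run entry is not matched by any of these structural rules, so an entry like it needs a name or reputation lookup instead.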

Pihuwzeus    0
  • Topic author
  • Here is the result:

    "Mauricio" - 07-05-05 17:06:33 Service Pack 2

    ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Mauricio\Desktop\"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\kernels32.exe

    C:\WINDOWS\system32\pdp.exe.exe

    C:\WINDOWS\system32\sony.exe.exe

    C:\Arquivos de programas\Arquivos comuns\microsoft shared\web folders\ibm00001.dll

    C:\Arquivos de programas\Arquivos comuns\microsoft shared\web folders\ibm00002.dll

    C:\DOCUME~1\Mauricio\DADOSD~1\Install.dat

    C:\WINDOWS\system32\rpcc.dll

    C:\WINDOWS\system32\spoolsvv.exe

    C:\windows\xpupdate.exe

    C:\WINDOWS\smss.exe

    C:\WINDOWS\system32\a3dxx.dll

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58

    C:\Arquivos de programas\Arquivos comuns\{F09B1~1

    C:\WINDOWS\system32\wincom32.sys

    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\gb

    -------\LEGACY_GB

    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-05 ))))))))))))))))))))))))))))))))))

    2007-05-05 13:27 108,835 --a------ C:\WINDOWS\system32\sony.exe

    2007-05-05 13:24 7,008 --a------ C:\WINDOWS\system32\spoolsvv.sys

    2007-05-05 13:21 <DIR> d-------- C:\Program Files

    2007-05-05 13:20 10,019 --a------ C:\syst.exe

    2007-05-04 23:06 6,144 --a------ C:\WINDOWS\system32\perfc000.dat

    2007-04-28 00:24 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

    2007-04-28 00:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

    2007-04-28 00:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

    2007-04-28 00:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

    2007-04-28 00:24 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    2007-04-28 00:24 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

    2007-04-28 00:24 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

    2007-04-28 00:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

    2007-04-25 11:36 <DIR> d-------- C:\WINDOWS\RagnaDream

    2007-04-21 17:14 <DIR> d-------- C:\Arquivos de programas\EidosNet

    2007-04-21 17:14 <DIR> d-------- C:\Arquivos de programas\Eidos Interactive

    2007-04-20 20:52 <DIR> d-------- C:\Arquivos de programas\Web Publish

    2007-04-17 00:11 2,156,544 --a------ C:\WINDOWS\New Super Mario Bros.scr

    2007-04-16 21:45 0 --a------ C:\svcipa.exe

    2007-04-16 00:35 <DIR> d-------- C:\DOCUME~1\Mauricio\DADOSD~1\RadLight Company

    2007-04-16 00:35 <DIR> d-------- C:\Arquivos de programas\RadLight Company

    2007-04-11 13:16 <DIR> d-------- C:\WINDOWS\mswim269

    2007-04-10 20:08 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

    2007-04-10 20:08 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr

    2007-04-10 20:08 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

    2007-04-10 20:08 733,824 --a------ C:\WINDOWS\system32\aswBoot.exe

    2007-04-10 20:08 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

    2007-04-10 20:08 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

    2007-04-10 20:08 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

    2007-04-07 18:30 <DIR> d-------- C:\DOCUME~1\Mauricio\DADOSD~1\teamspeak2

    2007-04-07 18:30 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

    2007-04-05 00:23 73,728 --a------ C:\WINDOWS\system32\psxpadff.dll

    2007-04-05 00:23 307,200 --a------ C:\WINDOWS\system32\psxcpl.dll

    2007-04-05 00:23 16,896 --a------ C:\WINDOWS\system32\drivers\psxenum.sys

    2007-04-05 00:23 12,160 --a------ C:\WINDOWS\system32\drivers\psxpad.sys

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-04-27 10:48 -------- d-------- C:\DOCUME~1\Mauricio\DADOSD~1\utorrent

    2007-04-24 23:52 -------- d-------- C:\Arquivos de programas\on-line help console

    2007-04-16 15:33 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys

    2007-04-11 13:16 16896 ----s---- C:\WINDOWS\pchealter.exe

    2007-04-04 19:26 -------- d-------- C:\Arquivos de programas\creative labs

    2007-04-03 16:04 -------- d-------- C:\Arquivos de programas\gravity

    2007-04-02 21:49 -------- d-------- C:\Arquivos de programas\kceasy

    2007-03-31 16:26 -------- d--h----- C:\Arquivos de programas\installshield installation information

    2007-02-22 18:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

    2007-02-16 12:42 65536 --a------ C:\WINDOWS\ifinst27.exe

    2007-02-11 10:27 48846 --a------ C:\WINDOWS\system32\perfc016.dat

    2007-02-11 10:27 344734 --a------ C:\WINDOWS\system32\perfh016.dat

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

    {000123B4-9B42-4900-B3F7-F4B073EFC214} C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

    {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\arquivos de programas\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

    @=""

    "PCTVOICE"="pctspk.exe"

    "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"

    "avast!"="C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    "InCD"="C:\\Arquivos de programas\\Ahead\\InCD\\InCD.exe"

    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

    "PowerBar"=""

    "MSMSGS"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background"

    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "appinit_dlls"="C:\WINDOWS\system32\perfc000.dat"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

    Authentication Packages REG_MULTI_SZ msv1_0\0\0

    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

    NetworkService REG_MULTI_SZ DnsCache\0\0

    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

    rpcss REG_MULTI_SZ RpcSs\0\0

    imgsvc REG_MULTI_SZ StiSvc\0\0

    termsvcs REG_MULTI_SZ TermService\0\0

    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-05-05 17:14:42

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    HKLM\SYSTEM\CurrentControlSet\Services\winmgmt738c-7fd2

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    PowerBar = ????????????l?@?l?@?D??????w???????????????wl?@?l?@????? ??????????????w???w???????w?m?wx????????m?w???????? ??????????????|x???0???????????? ot???w????????????????v???????I???????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    C:\WINDOWS\system32\windev-738c-7fd2.sys 139264 bytes

    C:\WINDOWS\system32\windev-peers.ini 4096 bytes

    scan completed successfully

    hidden processes: 0

    hidden services: 1

    hidden files: 2

    ********************************************************************

    Completion time: 07-05-05 17:14:45 - machine was rebooted

    C:\ComboFix-quarantined-files.txt ... 07-05-05 17:14

    Logfile of HijackThis v1.99.1

    Scan saved at 17:17:19, on 5/5/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\pctspk.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Ahead\InCD\InCD.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\sistray.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Documents and Settings\Mauricio\Meus documentos\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.click21.com.br/

    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

    O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

    O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

    O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

    O8 - Extra context menu item: &Pesquisa do Google - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Traduzir palavra em inglês - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Instantâneo da página em cache - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Links para esta página - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Páginas semelhantes - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

    O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_30.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_43.cab

    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/gamehouse/tumblebugs/axhost.cab

    O16 - DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Pirate) - http://200.212.184.212/g_bin/eng/pirate_2_0_0_25.cab

    O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://200.212.184.212/g_bin/eng/words_2_0_0_46.cab

    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.atrativa.com.br/DinerDash.1.0.0.58.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/popcap/chuzzle/popcaploader.cab

    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_28.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    Thanks!!

    Mr. Coruj@    0

    Pihuwzeus,

    @- Download the program(s) listed below, but do not run them yet.

    - Copy these instructions to Notepad or print them!

    - Unzip KillBox and keep it in a folder or on your desktop;

    - Run the KillBox tool. Check the Delete on Reboot option. Copy the entire list below in red by selecting it and right-clicking -> Copy...

    C:\Program Files\BraveSentry\BraveSentry.exe

    C:\WINDOWS\system32\perfc000.dat

    C:\WINDOWS\system32\spoolsvv.sys

    C:\syst.exe

    C:\svcipa.exe

    C:\WINDOWS\pchealter.exe

    C:\WINDOWS\ifinst27.exe

    ...In KillBox, with the files already copied to the clipboard, click File -> Paste from clipboard... Click the All Files button, then the X... and answer No to the question. If KillBox does not find one of the files, that is not a problem. Continue...

    @- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

    - Run HijackThis - Click Do a System Scan Only. Check the box(es) for the entry(ies) listed below in blue. When you have finished selecting, click Fix Checked...

    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

    - Locate the folder below in bold and, if it exists, delete it:

    C:\Program Files\BraveSentry\

    - Run the ATF-Cleaner.exe tool. Check the Select All option and click Empty Selected. A "Done Cleaning" window will appear. Click OK and Exit.

    @- Restart in normal mode.

    - Run an online scan with Ewido

    http://www.ewido.net/en/onlinescan/

    @- Close all open windows and run the ComboFix tool.

    • Type the option to continue and press <ENTER>.
    • Do not open or close any program until the scan finishes. Wait patiently...

    - If necessary, the program will restart your computer. Restart in normal mode...

    - Keep the log: C:\ComboFix.txt

    @- Post the Hijack (updated), ComboFix.txt and Ewido logs and paste them in sequence.

    Mr. Coruj@
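
Added example, not part of the original post: a way to check the logs posted after a cleanup like the one above and see which of the targeted files and HijackThis entries are still listed. The function names are this example's own, and the sample lines are excerpted from the ComboFix and HijackThis logs posted in this thread on 2007-05-08.

```python
import re

# Removal targets copied from the KillBox list and the HijackThis fix above.
TARGET_FILES = [
    r"C:\Program Files\BraveSentry\BraveSentry.exe",
    r"C:\WINDOWS\system32\perfc000.dat",
    r"C:\WINDOWS\system32\spoolsvv.sys",
    r"C:\syst.exe",
    r"C:\svcipa.exe",
    r"C:\WINDOWS\pchealter.exe",
    r"C:\WINDOWS\ifinst27.exe",
]
TARGET_HJT_ENTRIES = [r"O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat"]

# Lines excerpted from the follow-up logs in this thread, trimmed to the
# entries relevant to the check plus one unrelated HijackThis line.
FOLLOWUP_LOG = r"""
2007-05-05 13:24 7,008 --------- C:\WINDOWS\system32\spoolsvv.sys
2007-05-04 23:06 6,144 --a------ C:\WINDOWS\system32\perfc000.dat
2007-04-16 21:45 0 --------- C:\svcipa.exe
2007-04-11 13:16 16896 --------- C:\WINDOWS\pchealter.exe
2007-02-16 12:42 65536 --------- C:\WINDOWS\ifinst27.exe
"appinit_dlls"="C:\WINDOWS\system32\perfc000.dat"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
"""

# ComboFix listing line: date, time, size (or <DIR> / --------),
# nine attribute flags, then the path.
COMBOFIX_FILE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\S+) ([a-z-]{9}) (.+)$"
)
# HijackThis entry: section code such as R0, O4 or O20, " - ", then the detail.
HJT_ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_combofix_files(text):
    """Map each listed path (case-folded) to (date, size, attributes)."""
    found = {}
    for line in text.splitlines():
        match = COMBOFIX_FILE.match(line.strip())
        if match:
            date, _time, size, attrs, path = match.groups()
            found[path.strip().casefold()] = (date, size, attrs)
    return found


def parse_hijackthis(text):
    """Return every HijackThis entry as a (section code, detail) pair."""
    entries = []
    for line in text.splitlines():
        match = HJT_ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def still_present(text, target_files=TARGET_FILES,
                  target_entries=TARGET_HJT_ENTRIES):
    """Report which removal targets are still listed in a follow-up log.

    Windows paths are case-insensitive, so comparison is case-folded.
    8.3 short names (ARQUIV~1 ...) are not expanded, and a path missing
    from the listing is not proof of deletion: ComboFix only lists files
    inside its date window.
    """
    listed = parse_combofix_files(text)
    hjt = {f"{code} - {detail}".casefold()
           for code, detail in parse_hijackthis(text)}
    return {
        "files": [p for p in target_files if p.casefold() in listed],
        "entries": [e for e in target_entries if e.casefold() in hjt],
    }


if __name__ == "__main__":
    result = still_present(FOLLOWUP_LOG)
    for path in result["files"]:
        print("still listed:", path)
    for entry in result["entries"]:
        print("still in HijackThis:", entry)
```
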

    Pihuwzeus    0
  • Topic author
  • Sorry for the delay, here are the results:

    "Mauricio" - 07-05-08 13:49:46 Service Pack 2

    ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Mauricio\Meus documentos\"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\ipv6mons.dll

    C:\WINDOWS\system32\wincom32.ini

    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_WINCOM32

    ((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))

    2007-05-06 12:34 <DIR> d-------- C:\!KillBox

    2007-05-05 18:45 <DIR> d--h----- C:\WINDOWS\PIF

    2007-05-05 17:14 49,152 --a------ C:\WINDOWS\nircmd.exe

    2007-05-05 13:24 7,008 --------- C:\WINDOWS\system32\spoolsvv.sys

    2007-05-04 23:06 6,144 --a------ C:\WINDOWS\system32\perfc000.dat

    2007-04-28 00:24 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

    2007-04-28 00:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

    2007-04-28 00:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

    2007-04-28 00:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

    2007-04-28 00:24 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    2007-04-28 00:24 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

    2007-04-28 00:24 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

    2007-04-28 00:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

    2007-04-25 11:36 <DIR> d-------- C:\WINDOWS\RagnaDream

    2007-04-21 17:14 <DIR> d-------- C:\Arquivos de programas\EidosNet

    2007-04-21 17:14 <DIR> d-------- C:\Arquivos de programas\Eidos Interactive

    2007-04-20 20:52 <DIR> d-------- C:\Arquivos de programas\Web Publish

    2007-04-17 00:11 2,156,544 --a------ C:\WINDOWS\New Super Mario Bros.scr

    2007-04-16 21:45 0 --------- C:\svcipa.exe

    2007-04-16 00:35 <DIR> d-------- C:\DOCUME~1\Mauricio\DADOSD~1\RadLight Company

    2007-04-16 00:35 <DIR> d-------- C:\Arquivos de programas\RadLight Company

    2007-04-11 13:16 <DIR> d-------- C:\WINDOWS\mswim269

    2007-04-10 20:08 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr

    2007-04-10 20:08 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

    2007-04-10 20:08 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

    2007-04-10 20:08 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

    2007-04-10 20:08 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

    2007-04-10 20:08 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

    2007-04-10 20:08 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-07 13:37 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys

    2007-04-28 17:55 -------- d-------- C:\DOCUME~1\Mauricio\DADOSD~1\teamspeak2

    2007-04-27 10:48 -------- d-------- C:\DOCUME~1\Mauricio\DADOSD~1\utorrent

    2007-04-24 23:52 -------- d-------- C:\Arquivos de programas\on-line help console

    2007-04-11 13:16 16896 --------- C:\WINDOWS\pchealter.exe

    2007-04-07 18:30 -------- d-------- C:\Arquivos de programas\teamspeak2_rc2

    2007-04-04 19:26 -------- d-------- C:\Arquivos de programas\creative labs

    2007-04-03 16:04 -------- d-------- C:\Arquivos de programas\gravity

    2007-04-02 21:49 -------- d-------- C:\Arquivos de programas\kceasy

    2007-03-31 16:26 -------- d--h----- C:\Arquivos de programas\installshield installation information

    2007-02-22 18:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

    2007-02-16 12:42 65536 --------- C:\WINDOWS\ifinst27.exe

    2007-02-11 10:27 48846 --a------ C:\WINDOWS\system32\perfc016.dat

    2007-02-11 10:27 344734 --a------ C:\WINDOWS\system32\perfh016.dat

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

    {000123B4-9B42-4900-B3F7-F4B073EFC214} C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

    {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\arquivos de programas\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

    @=""

    "PCTVOICE"="pctspk.exe"

    "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"

    "avast!"="C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    "InCD"="C:\\Arquivos de programas\\Ahead\\InCD\\InCD.exe"

    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

    "PowerBar"=""

    "MSMSGS"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background"

    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "appinit_dlls"="C:\WINDOWS\system32\perfc000.dat"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

    Authentication Packages REG_MULTI_SZ msv1_0\0\0

    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

    NetworkService REG_MULTI_SZ DnsCache\0\0

    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

    rpcss REG_MULTI_SZ RpcSs\0\0

    imgsvc REG_MULTI_SZ StiSvc\0\0

    termsvcs REG_MULTI_SZ TermService\0\0

    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-05-08 13:53:36

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    HKLM\SYSTEM\CurrentControlSet\Services\winmgmt738c-7fd2

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    PowerBar = ????????????l?@?l?@?D??????w???????????????wl?@?l?@????? ??????????????w???w???????w?m?wx????????m?w???????? ??????????????|x???0???????????? ot???w????????????????v???????I???????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    C:\WINDOWS\system32\windev-738c-7fd2.sys 139264 bytes

    C:\WINDOWS\system32\windev-peers.ini 4096 bytes

    scan completed successfully

    hidden processes: 0

    hidden services: 1

    hidden files: 2

    ********************************************************************

    Completion time: 07-05-08 13:53:39

    C:\ComboFix-quarantined-files.txt ... 07-05-08 13:53

    C:\ComboFix2.txt ... 07-05-05 17:14

    ewido anti-spyware online scanner

    http://www.ewido.net

    __________________________________________________

    Name: Logger.SCKeyLog.o

    Path: C:\System Volume Information\_restore{2A073DAF-2F1F-4732-A22C-73266A2498E8}\RP23\A0008610.exe

    Logfile of HijackThis v1.99.1

    Scan saved at 13:59:32, on 8/5/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\pctspk.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Ahead\InCD\InCD.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\sistray.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Documents and Settings\Mauricio\Meus documentos\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.click21.com.br/

    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

    O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

    O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

    O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

    O8 - Extra context menu item: &Pesquisa do Google - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Traduzir palavra em inglês - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Instantâneo da página em cache - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Links para esta página - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Páginas semelhantes - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

    O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_30.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_43.cab

    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/gamehouse/tumblebugs/axhost.cab

    O16 - DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Pirate) - http://200.212.184.212/g_bin/eng/pirate_2_0_0_25.cab

    O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://200.212.184.212/g_bin/eng/words_2_0_0_46.cab

    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.atrativa.com.br/DinerDash.1.0.0.58.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/popcap/chuzzle/popcaploader.cab

    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_28.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    And another thing: there is a file that won't go away =/, even after I delete it, it comes back. It's this one: C:\WINDOWS\system32\perfc000.dat

    Thanks!!

    Mr. Coruj@    0

    Pihuwzeus,

    @- Download the program below, unzip it and keep it in its own folder or on your desktop.

    - Copy the instructions to Notepad or print them!

    @- Run the tool avenger.exe. Confirm: OK.

    • Among the options under "Script file to execute", select "Input Script Manually".
    • Click the magnifying glass icon.
    • Copy (Ctrl+C) the content (in red) of the Code below and paste it (Ctrl+V) into "View/edit script".
      Files to delete:
      C:\WINDOWS\system32\perfc000.dat
      C:\WINDOWS\system32\spoolsvv.sys
      C:\svcipa.exe
      C:\WINDOWS\pchealter.exe

      Registry values to replace with dummy:
      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

    • Click "Done".
    • Click the traffic light icon to start the removal script. Confirm: OK.

    - The computer will restart automatically. Restart straight into normal mode, ok?

    - Log saved at: C:\avenger.txt

    @- Restart in normal mode.

    @- Close all open windows and run the ComboFix tool.

    • Type the option to continue and press <ENTER>.
    • Do not open or close any program until the scan finishes. Wait patiently...

    - If necessary, the program will restart your computer. Restart in normal mode...

    - Save the log: C:\ComboFix.txt

    @- Post the Hijack, ComboFix.txt and avenger.txt logs and paste them in sequence.

    Mr. Coruj@
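
    The script in the reply above pairs deleting perfc000.dat with replacing the AppInit_DLLs value that the HijackThis log lists as loading it (the O20 line). As an added example, not part of the original post or of any tool named in this thread, the following Python check confirms that a cleanup script covers both the file and its registry loading point; the function names are hypothetical and the sample strings are constructed from lines shown in this thread.

```python
import ntpath
import re

# Registry location of the AppInit_DLLs value, as written in the script above.
APPINIT_KEY = r"hklm\software\microsoft\windows nt\currentversion\windows"
APPINIT_VALUE = "appinit_dlls"

# Constructed sample: three lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
"""

# Constructed sample: the script text from the reply above.
SAMPLE_SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\perfc000.dat
C:\WINDOWS\system32\spoolsvv.sys
C:\svcipa.exe
C:\WINDOWS\pchealter.exe

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
"""


def appinit_entries(hijackthis_log):
    """Return every module path listed on O20 AppInit_DLLs lines."""
    paths = []
    for line in hijackthis_log.splitlines():
        match = re.match(r"\s*O20 - AppInit_DLLs:\s*(.+)", line)
        if match:
            # The registry value is a space- or comma-delimited list of modules.
            paths += [p for p in re.split(r"[ ,]+", match.group(1).strip()) if p]
    return paths


def parse_script(script):
    """Split a script into {lower-cased section header: [entries]}."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            # A line ending in ':' opens a new section.
            current = sections.setdefault(line[:-1].lower(), [])
        elif current is not None:
            current.append(line)
    return sections


def review(hijackthis_log, script):
    """For each AppInit_DLLs module, report whether the script handles it fully."""
    sections = parse_script(script)
    deleted = {ntpath.normcase(p) for p in sections.get("files to delete", [])}
    reset = set()
    for entry in sections.get("registry values to replace with dummy", []):
        key, _, value = entry.partition("|")
        reset.add((key.strip().lower(), value.strip().lower()))

    findings = []
    for path in appinit_entries(hijackthis_log):
        findings.append({
            "path": path,
            # A module loaded through AppInit_DLLs normally has a .dll extension.
            "non_dll_extension": ntpath.splitext(path)[1].lower() != ".dll",
            # Is the file itself scheduled for deletion?
            "file_in_script": ntpath.normcase(path) in deleted,
            # Is the value that loads it also being neutralised?
            "value_in_script": (APPINIT_KEY, APPINIT_VALUE) in reset,
        })
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, SAMPLE_SCRIPT):
        print(finding)
```

    A finding with `file_in_script` true but `value_in_script` false means the script removes the file while leaving the registry value that references it untouched.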

    Pihuwzeus    0
  • Topic author
  • Here are the results:

    "Mauricio" - 07-05-05 17:06:33 Service Pack 2

    ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Mauricio\Desktop\"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\kernels32.exe

    C:\WINDOWS\system32\pdp.exe.exe

    C:\WINDOWS\system32\sony.exe.exe

    C:\Arquivos de programas\Arquivos comuns\microsoft shared\web folders\ibm00001.dll

    C:\Arquivos de programas\Arquivos comuns\microsoft shared\web folders\ibm00002.dll

    C:\DOCUME~1\Mauricio\DADOSD~1\Install.dat

    C:\WINDOWS\system32\rpcc.dll

    C:\WINDOWS\system32\spoolsvv.exe

    C:\windows\xpupdate.exe

    C:\WINDOWS\smss.exe

    C:\WINDOWS\system32\a3dxx.dll

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58

    C:\Arquivos de programas\Arquivos comuns\{F09B1~1

    C:\WINDOWS\system32\wincom32.sys

    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\gb

    -------\LEGACY_GB

    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-05 ))))))))))))))))))))))))))))))))))

    2007-05-05 13:27 108,835 --a------ C:\WINDOWS\system32\sony.exe

    2007-05-05 13:24 7,008 --a------ C:\WINDOWS\system32\spoolsvv.sys

    2007-05-05 13:21 <DIR> d-------- C:\Program Files

    2007-05-05 13:20 10,019 --a------ C:\syst.exe

    2007-05-04 23:06 6,144 --a------ C:\WINDOWS\system32\perfc000.dat

    2007-04-28 00:24 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

    2007-04-28 00:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

    2007-04-28 00:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

    2007-04-28 00:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

    2007-04-28 00:24 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    2007-04-28 00:24 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

    2007-04-28 00:24 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

    2007-04-28 00:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

    2007-04-25 11:36 <DIR> d-------- C:\WINDOWS\RagnaDream

    2007-04-21 17:14 <DIR> d-------- C:\Arquivos de programas\EidosNet

    2007-04-21 17:14 <DIR> d-------- C:\Arquivos de programas\Eidos Interactive

    2007-04-20 20:52 <DIR> d-------- C:\Arquivos de programas\Web Publish

    2007-04-17 00:11 2,156,544 --a------ C:\WINDOWS\New Super Mario Bros.scr

    2007-04-16 21:45 0 --a------ C:\svcipa.exe

    2007-04-16 00:35 <DIR> d-------- C:\DOCUME~1\Mauricio\DADOSD~1\RadLight Company

    2007-04-16 00:35 <DIR> d-------- C:\Arquivos de programas\RadLight Company

    2007-04-11 13:16 <DIR> d-------- C:\WINDOWS\mswim269

    2007-04-10 20:08 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

    2007-04-10 20:08 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr

    2007-04-10 20:08 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

    2007-04-10 20:08 733,824 --a------ C:\WINDOWS\system32\aswBoot.exe

    2007-04-10 20:08 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

    2007-04-10 20:08 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

    2007-04-10 20:08 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

    2007-04-07 18:30 <DIR> d-------- C:\DOCUME~1\Mauricio\DADOSD~1\teamspeak2

    2007-04-07 18:30 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

    2007-04-05 00:23 73,728 --a------ C:\WINDOWS\system32\psxpadff.dll

    2007-04-05 00:23 307,200 --a------ C:\WINDOWS\system32\psxcpl.dll

    2007-04-05 00:23 16,896 --a------ C:\WINDOWS\system32\drivers\psxenum.sys

    2007-04-05 00:23 12,160 --a------ C:\WINDOWS\system32\drivers\psxpad.sys

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-04-27 10:48 -------- d-------- C:\DOCUME~1\Mauricio\DADOSD~1\utorrent

    2007-04-24 23:52 -------- d-------- C:\Arquivos de programas\on-line help console

    2007-04-16 15:33 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys

    2007-04-11 13:16 16896 ----s---- C:\WINDOWS\pchealter.exe

    2007-04-04 19:26 -------- d-------- C:\Arquivos de programas\creative labs

    2007-04-03 16:04 -------- d-------- C:\Arquivos de programas\gravity

    2007-04-02 21:49 -------- d-------- C:\Arquivos de programas\kceasy

    2007-03-31 16:26 -------- d--h----- C:\Arquivos de programas\installshield installation information

    2007-02-22 18:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

    2007-02-16 12:42 65536 --a------ C:\WINDOWS\ifinst27.exe

    2007-02-11 10:27 48846 --a------ C:\WINDOWS\system32\perfc016.dat

    2007-02-11 10:27 344734 --a------ C:\WINDOWS\system32\perfh016.dat

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

    {000123B4-9B42-4900-B3F7-F4B073EFC214} C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

    {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\arquivos de programas\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

    @=""

    "PCTVOICE"="pctspk.exe"

    "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"

    "avast!"="C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    "InCD"="C:\\Arquivos de programas\\Ahead\\InCD\\InCD.exe"

    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

    "PowerBar"=""

    "MSMSGS"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background"

    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "appinit_dlls"="C:\WINDOWS\system32\perfc000.dat"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

    Authentication Packages REG_MULTI_SZ msv1_0\0\0

    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

    NetworkService REG_MULTI_SZ DnsCache\0\0

    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

    rpcss REG_MULTI_SZ RpcSs\0\0

    imgsvc REG_MULTI_SZ StiSvc\0\0

    termsvcs REG_MULTI_SZ TermService\0\0

    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-05-05 17:14:42

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    HKLM\SYSTEM\CurrentControlSet\Services\winmgmt738c-7fd2

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    PowerBar = ????????????l?@?l?@?D??????w???????????????wl?@?l?@????? ??????????????w???w???????w?m?wx????????m?w???????? ??????????????|x???0???????????? ot???w????????????????v???????I???????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    C:\WINDOWS\system32\windev-738c-7fd2.sys 139264 bytes

    C:\WINDOWS\system32\windev-peers.ini 4096 bytes

    scan completed successfully

    hidden processes: 0

    hidden services: 1

    hidden files: 2

    ********************************************************************

    Completion time: 07-05-05 17:14:45 - machine was rebooted

    C:\ComboFix-quarantined-files.txt ... 07-05-05 17:14

    Logfile of HijackThis v1.99.1

    Scan saved at 12:05:49, on 10/5/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\pctspk.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Ahead\InCD\InCD.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\sistray.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Documents and Settings\Mauricio\Meus documentos\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.click21.com.br/

    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

    O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

    O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

    O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

    O8 - Extra context menu item: &Pesquisa do Google - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Traduzir palavra em inglês - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Instantâneo da página em cache - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Links para esta página - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Páginas semelhantes - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_30.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_43.cab

    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/gamehouse/tumblebugs/axhost.cab

    O16 - DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Pirate) - http://200.212.184.212/g_bin/eng/pirate_2_0_0_25.cab

    O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://200.212.184.212/g_bin/eng/words_2_0_0_46.cab

    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.atrativa.com.br/DinerDash.1.0.0.58.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/popcap/chuzzle/popcaploader.cab

    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_28.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    Logfile of The Avenger version 1, by Swandog46

    Running from registry key:

    \Registry\Machine\System\CurrentControlSet\Services\hutwcevr

    *******************

    Script file located at: \??\C:\WINDOWS\system32\rshrqrgx.txt

    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\system32\perfc000.dat deleted successfully.

    File C:\WINDOWS\system32\spoolsvv.sys deleted successfully.

    File C:\svcipa.exe deleted successfully.

    File C:\WINDOWS\pchealter.exe deleted successfully.

    Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    Thanks!!

    Mr. Coruj@    0

    Pihuwzeus, I believe everything is OK now; however, the ComboFix log is old. If you generated a new one following the procedures in my previous post, check there (C:\ComboFix2 or 3...) again, as there should be a more recent one. If you have not run the program again, do so now, because we will need the log to wrap up the topic, OK?

    Best regards,

    Pihuwzeus    0
  • Topic author
  • I think this is the one:

    "Mauricio" - 07-05-10 22:36:39 Service Pack 2

    ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Mauricio\Meus documentos\"

    ((((((((((((((((((((((((((((((( Files Created from 2007-04-10 to 2007-05-10 ))))))))))))))))))))))))))))))))))

    2007-05-10 15:09 <DIR> d-------- C:\Counter-Strike Source

    2007-05-10 11:59 <DIR> d-------- C:\avenger

    2007-05-08 16:16 4,096 --a------ C:\WINDOWS\system32\drivers\nocashio.sys

    2007-05-06 12:34 <DIR> d-------- C:\!KillBox

    2007-05-05 18:45 <DIR> d--h----- C:\WINDOWS\PIF

    2007-05-05 17:14 49,152 --a------ C:\WINDOWS\nircmd.exe

    2007-04-28 00:24 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

    2007-04-28 00:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

    2007-04-28 00:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

    2007-04-28 00:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

    2007-04-28 00:24 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    2007-04-28 00:24 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

    2007-04-28 00:24 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

    2007-04-28 00:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

    2007-04-25 11:36 <DIR> d-------- C:\WINDOWS\RagnaDream

    2007-04-21 17:14 <DIR> d-------- C:\Arquivos de programas\EidosNet

    2007-04-21 17:14 <DIR> d-------- C:\Arquivos de programas\Eidos Interactive

    2007-04-20 20:52 <DIR> d-------- C:\Arquivos de programas\Web Publish

    2007-04-17 00:11 2,156,544 --a------ C:\WINDOWS\New Super Mario Bros.scr

    2007-04-16 00:35 <DIR> d-------- C:\DOCUME~1\Mauricio\DADOSD~1\RadLight Company

    2007-04-16 00:35 <DIR> d-------- C:\Arquivos de programas\RadLight Company

    2007-04-11 13:16 <DIR> d-------- C:\WINDOWS\mswim269

    2007-04-10 20:08 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr

    2007-04-10 20:08 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

    2007-04-10 20:08 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

    2007-04-10 20:08 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

    2007-04-10 20:08 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

    2007-04-10 20:08 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

    2007-04-10 20:08 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-10 20:19 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys

    2007-04-28 17:55 -------- d-------- C:\DOCUME~1\Mauricio\DADOSD~1\teamspeak2

    2007-04-27 10:48 -------- d-------- C:\DOCUME~1\Mauricio\DADOSD~1\utorrent

    2007-04-24 23:52 -------- d-------- C:\Arquivos de programas\on-line help console

    2007-04-07 18:30 -------- d-------- C:\Arquivos de programas\teamspeak2_rc2

    2007-04-04 19:26 -------- d-------- C:\Arquivos de programas\creative labs

    2007-04-03 16:04 -------- d-------- C:\Arquivos de programas\gravity

    2007-04-02 21:49 -------- d-------- C:\Arquivos de programas\kceasy

    2007-03-31 16:26 -------- d--h----- C:\Arquivos de programas\installshield installation information

    2007-02-22 18:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

    2007-02-16 12:42 65536 --------- C:\WINDOWS\ifinst27.exe

    2007-02-11 10:27 48846 --a------ C:\WINDOWS\system32\perfc016.dat

    2007-02-11 10:27 344734 --a------ C:\WINDOWS\system32\perfh016.dat

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

    {000123B4-9B42-4900-B3F7-F4B073EFC214} C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

    {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\arquivos de programas\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

    @=""

    "PCTVOICE"="pctspk.exe"

    "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"

    "avast!"="C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    "InCD"="C:\\Arquivos de programas\\Ahead\\InCD\\InCD.exe"

    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

    "PowerBar"=""

    "MSMSGS"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background"

    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

    Authentication Packages REG_MULTI_SZ msv1_0\0\0

    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

    NetworkService REG_MULTI_SZ DnsCache\0\0

    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

    rpcss REG_MULTI_SZ RpcSs\0\0

    imgsvc REG_MULTI_SZ StiSvc\0\0

    termsvcs REG_MULTI_SZ TermService\0\0

    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_NPKCRYPT

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-05-10 22:37:17

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    HKLM\SYSTEM\CurrentControlSet\Services\winmgmt738c-7fd2

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    PowerBar = ????????????l?@?l?@?D??????w???????????????wl?@?l?@????? ??????????????w???w???????w?m?wx????????m?w???????? ??????????????|x???0???????????? ot???w????????????????v???????I???????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    C:\WINDOWS\system32\windev-738c-7fd2.sys 139264 bytes

    C:\WINDOWS\system32\windev-peers.ini 4096 bytes

    scan completed successfully

    hidden processes: 0

    hidden services: 1

    hidden files: 2

    ********************************************************************

    Completion time: 07-05-10 22:37:21

    C:\ComboFix-quarantined-files.txt ... 07-05-10 22:37

    Mr. Coruj@    0

    Pihuwzeus,

    Your log is CLEAN! Any other problems related to the malware?

    If your system shows no problems by tomorrow, disable and then re-enable System Restore.

    Your PC was also infected with Bankers. Since this computer may have been used to capture your passwords, I recommend changing them.

    You can click the REPORT button, tell the area moderator that the problem has been solved and that the topic can now be closed.

    You can always count on the help of the people at the Clube do Hardware forum.

    Thanks for the feedback and best regards!

    _________________________________

    Mr. Coruj@
