Pihuwzeus

Please analyze my log!!

I caught a virus today that changed some things in the registry, but I think I managed to remove it. I'd like you to analyze my log to see whether this trojan was completely removed. Here it is:

Logfile of HijackThis v1.99.1

Scan saved at 15:21:00, on 5/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\pctspk.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Mauricio\Meus documentos\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.click21.com.br/

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [winlsmss] C:\WINDOWS\SMSS.EXE %1

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &Pesquisa do Google - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Traduzir palavra em inglês - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Instantâneo da página em cache - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Links para esta página - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Páginas semelhantes - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_30.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_43.cab

O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/gamehouse/tumblebugs/axhost.cab

O16 - DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Pirate) - http://200.212.184.212/g_bin/eng/pirate_2_0_0_25.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://200.212.184.212/g_bin/eng/words_2_0_0_46.cab

O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.atrativa.com.br/DinerDash.1.0.0.58.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/popcap/chuzzle/popcaploader.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_28.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

One more thing: because of this virus I can no longer set a wallpaper. Does anyone know what might have happened?

Thanks!!

Pihuwzeus,

@- Run HijackThis and click Do a System Scan Only. Check the box(es) for the entry(ies) listed below in blue. When you have finished selecting, click Fix Checked...

O4 - HKLM\..\Run: [winlsmss] C:\WINDOWS\SMSS.EXE %1

O4 - HKCU\..\Run: [brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe

O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

--|--

@- Download ComboFix;

- Copy the instructions to Notepad or print them!

@- Close all open windows and run the ComboFix tool.

  • Type the option to continue and press <ENTER>.
  • Do not open or close any program until the scan finishes. Wait patiently...

@- If necessary, the program will restart your computer. Restart in normal mode...

- Keep the log: C:\ComboFix.txt

@- Post the HijackThis log (updated) and ComboFix.txt, pasting them one after the other.

Mr. Coruj@

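The structural checks that make four of the entries listed in the reply above stand out, as an added example that is not part of the original thread and not code from HijackThis. The three rules and the `SYSTEM32_ONLY` list are assumptions chosen for illustration; the sample lines are copied from the log posted above.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [winlsmss] C:\WINDOWS\SMSS.EXE %1
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
"""

# Assumed list: core Windows processes whose image belongs in <SystemRoot>\system32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+):\s+(?P<value>.+)$")
IMAGE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    kind: str     # label before the first ": ", e.g. "Winlogon Notify"
    value: str    # rest of the line
    raw: str      # the whole line, for reporting


class Finding(NamedTuple):
    rule: str
    reason: str
    line: str


def parse_log(text: str) -> List[Entry]:
    """Split a HijackThis log into entries; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["kind"].strip(),
                                 m["value"].strip(), raw.strip()))
    return entries


def command_image(command: str) -> Optional[str]:
    """Return the executable path of an autostart command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else None
    m = IMAGE_RE.match(command)
    return m.group(1) if m else None


def autostart_command(entry: Entry) -> Optional[str]:
    """O4 values look like '[name] command' (Run keys) or 'x.lnk = target' (Startup)."""
    if entry.value.startswith("[") and "] " in entry.value:
        return entry.value.split("] ", 1)[1]
    if " = " in entry.value:
        return entry.value.split(" = ", 1)[1]
    return None


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the three structural rules and return one Finding per hit."""
    findings = []
    for e in entries:
        if e.section == "O4":
            image = command_image(autostart_command(e) or "")
            folder = ntpath.dirname(image) if image else ""
            # A bare file name has no folder to compare, so it is not judged here.
            if (image and folder
                    and ntpath.basename(image).lower() in SYSTEM32_ONLY
                    and ntpath.basename(folder).lower() != "system32"):
                findings.append(Finding("system-name-wrong-folder",
                                        f"core process name started from {folder}", e.raw))
        elif e.section == "O20" and e.kind == "AppInit_DLLs":
            # The registry value is a space- or comma-delimited list of modules,
            # each loaded into every process that loads user32.dll.
            for module in filter(None, re.split(r"[,\s]+", e.value)):
                reason = "module injected into every user32.dll process"
                if not module.lower().endswith(".dll"):
                    reason += "; not a .dll file name"
                findings.append(Finding("appinit-dlls", reason, e.raw))
        elif e.section == "O20" and e.kind == "Winlogon Notify":
            findings.append(Finding("winlogon-notify",
                                    "DLL loaded by winlogon.exe; identify it before keeping",
                                    e.raw))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.rule:26} {f.reason}\n    {f.line}")
```

The `brave-Sentry` Run entry, which the reply also lists, passes these structural checks; recognising it takes a lookup of the product name, which this example does not do.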
  • Topic author
  • Here is the result:

    "Mauricio" - 07-05-05 17:06:33 Service Pack 2

    ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Mauricio\Desktop\"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\kernels32.exe

    C:\WINDOWS\system32\pdp.exe.exe

    C:\WINDOWS\system32\sony.exe.exe

    C:\Arquivos de programas\Arquivos comuns\microsoft shared\web folders\ibm00001.dll

    C:\Arquivos de programas\Arquivos comuns\microsoft shared\web folders\ibm00002.dll

    C:\DOCUME~1\Mauricio\DADOSD~1\Install.dat

    C:\WINDOWS\system32\rpcc.dll

    C:\WINDOWS\system32\spoolsvv.exe

    C:\windows\xpupdate.exe

    C:\WINDOWS\smss.exe

    C:\WINDOWS\system32\a3dxx.dll

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58

    C:\Arquivos de programas\Arquivos comuns\{F09B1~1

    C:\WINDOWS\system32\wincom32.sys

    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\gb

    -------\LEGACY_GB

    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-05 ))))))))))))))))))))))))))))))))))

    2007-05-05 13:27 108,835 --a------ C:\WINDOWS\system32\sony.exe

    2007-05-05 13:24 7,008 --a------ C:\WINDOWS\system32\spoolsvv.sys

    2007-05-05 13:21 <DIR> d-------- C:\Program Files

    2007-05-05 13:20 10,019 --a------ C:\syst.exe

    2007-05-04 23:06 6,144 --a------ C:\WINDOWS\system32\perfc000.dat

    2007-04-28 00:24 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

    2007-04-28 00:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

    2007-04-28 00:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

    2007-04-28 00:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

    2007-04-28 00:24 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    2007-04-28 00:24 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

    2007-04-28 00:24 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

    2007-04-28 00:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

    2007-04-25 11:36 <DIR> d-------- C:\WINDOWS\RagnaDream

    2007-04-21 17:14 <DIR> d-------- C:\Arquivos de programas\EidosNet

    2007-04-21 17:14 <DIR> d-------- C:\Arquivos de programas\Eidos Interactive

    2007-04-20 20:52 <DIR> d-------- C:\Arquivos de programas\Web Publish

    2007-04-17 00:11 2,156,544 --a------ C:\WINDOWS\New Super Mario Bros.scr

    2007-04-16 21:45 0 --a------ C:\svcipa.exe

    2007-04-16 00:35 <DIR> d-------- C:\DOCUME~1\Mauricio\DADOSD~1\RadLight Company

    2007-04-16 00:35 <DIR> d-------- C:\Arquivos de programas\RadLight Company

    2007-04-11 13:16 <DIR> d-------- C:\WINDOWS\mswim269

    2007-04-10 20:08 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

    2007-04-10 20:08 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr

    2007-04-10 20:08 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

    2007-04-10 20:08 733,824 --a------ C:\WINDOWS\system32\aswBoot.exe

    2007-04-10 20:08 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

    2007-04-10 20:08 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

    2007-04-10 20:08 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

    2007-04-07 18:30 <DIR> d-------- C:\DOCUME~1\Mauricio\DADOSD~1\teamspeak2

    2007-04-07 18:30 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

    2007-04-05 00:23 73,728 --a------ C:\WINDOWS\system32\psxpadff.dll

    2007-04-05 00:23 307,200 --a------ C:\WINDOWS\system32\psxcpl.dll

    2007-04-05 00:23 16,896 --a------ C:\WINDOWS\system32\drivers\psxenum.sys

    2007-04-05 00:23 12,160 --a------ C:\WINDOWS\system32\drivers\psxpad.sys

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-04-27 10:48 -------- d-------- C:\DOCUME~1\Mauricio\DADOSD~1\utorrent

    2007-04-24 23:52 -------- d-------- C:\Arquivos de programas\on-line help console

    2007-04-16 15:33 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys

    2007-04-11 13:16 16896 ----s---- C:\WINDOWS\pchealter.exe

    2007-04-04 19:26 -------- d-------- C:\Arquivos de programas\creative labs

    2007-04-03 16:04 -------- d-------- C:\Arquivos de programas\gravity

    2007-04-02 21:49 -------- d-------- C:\Arquivos de programas\kceasy

    2007-03-31 16:26 -------- d--h----- C:\Arquivos de programas\installshield installation information

    2007-02-22 18:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

    2007-02-16 12:42 65536 --a------ C:\WINDOWS\ifinst27.exe

    2007-02-11 10:27 48846 --a------ C:\WINDOWS\system32\perfc016.dat

    2007-02-11 10:27 344734 --a------ C:\WINDOWS\system32\perfh016.dat

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

    {000123B4-9B42-4900-B3F7-F4B073EFC214} C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

    {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\arquivos de programas\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

    @=""

    "PCTVOICE"="pctspk.exe"

    "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"

    "avast!"="C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    "InCD"="C:\\Arquivos de programas\\Ahead\\InCD\\InCD.exe"

    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

    "PowerBar"=""

    "MSMSGS"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background"

    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "appinit_dlls"="C:\WINDOWS\system32\perfc000.dat"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

    Authentication Packages REG_MULTI_SZ msv1_0\0\0

    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

    NetworkService REG_MULTI_SZ DnsCache\0\0

    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

    rpcss REG_MULTI_SZ RpcSs\0\0

    imgsvc REG_MULTI_SZ StiSvc\0\0

    termsvcs REG_MULTI_SZ TermService\0\0

    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-05-05 17:14:42

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    HKLM\SYSTEM\CurrentControlSet\Services\winmgmt738c-7fd2

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    PowerBar = ????????????l?@?l?@?D??????w???????????????wl?@?l?@????? ??????????????w???w???????w?m?wx????????m?w???????? ??????????????|x???0???????????? ot???w????????????????v???????I???????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    C:\WINDOWS\system32\windev-738c-7fd2.sys 139264 bytes

    C:\WINDOWS\system32\windev-peers.ini 4096 bytes

    scan completed successfully

    hidden processes: 0

    hidden services: 1

    hidden files: 2

    ********************************************************************

    Completion time: 07-05-05 17:14:45 - machine was rebooted

    C:\ComboFix-quarantined-files.txt ... 07-05-05 17:14

    Logfile of HijackThis v1.99.1

    Scan saved at 17:17:19, on 5/5/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\pctspk.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Ahead\InCD\InCD.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\sistray.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Documents and Settings\Mauricio\Meus documentos\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.click21.com.br/

    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

    O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

    O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

    O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

    O8 - Extra context menu item: &Pesquisa do Google - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Traduzir palavra em inglês - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Instantâneo da página em cache - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Links para esta página - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Páginas semelhantes - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

    O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_30.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_43.cab

    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/gamehouse/tumblebugs/axhost.cab

    O16 - DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Pirate) - http://200.212.184.212/g_bin/eng/pirate_2_0_0_25.cab

    O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://200.212.184.212/g_bin/eng/words_2_0_0_46.cab

    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.atrativa.com.br/DinerDash.1.0.0.58.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/popcap/chuzzle/popcaploader.cab

    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_28.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    Thanks!!


    Pihuwzeus,

    @- Download the program(s) listed below, but do not run them yet.

    - Copy the instructions to Notepad or print them!

    - Unzip KillBox and keep it in a folder or on your desktop;

    - Run the KillBox tool. Check the Delete on Reboot option. Copy the whole list below in red by selecting it and right-clicking -> Copy...

    C:\Program Files\BraveSentry\BraveSentry.exe

    C:\WINDOWS\system32\perfc000.dat

    C:\WINDOWS\system32\spoolsvv.sys

    C:\syst.exe

    C:\svcipa.exe

    C:\WINDOWS\pchealter.exe

    C:\WINDOWS\ifinst27.exe

    ...In KillBox, with the files already copied to the clipboard, click File -> Paste from clipboard... Click the All Files button, then the X... and answer No to the question. If KillBox does not find one of the files, that is not a problem. Continue...

    @- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

    - Run HijackThis - Click Do a System Scan Only. Check the box(es) for the entry(ies) listed below in blue. When you have finished selecting, click Fix Checked...

    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

    - Locate the folder below in bold and, if it exists, delete it:

    C:\Program Files\BraveSentry\

    - Run the ATF-Cleaner.exe tool. Check the Select All option and click Empty Selected. A "Done Cleaning" window will appear. Click OK and Exit.

    @- Restart in normal mode.

    - Run an online scan with Ewido

    http://www.ewido.net/en/onlinescan/

    @- Close all open windows and run the ComboFix tool.

    • Type the option to continue and press <ENTER>.
    • Do not open or close any program until the scan finishes. Wait patiently...

    - If necessary, the program will restart your computer. Restart in normal mode...

    - Save the log: C:\ComboFix.txt

    @- Post the Hijack (updated), ComboFix.txt and Ewido logs, pasting them one after another.

    Mr. Coruj@

  • Topic author
  • Sorry for the delay, the results are here:

    "Mauricio" - 07-05-08 13:49:46 Service Pack 2

    ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Mauricio\Meus documentos\"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\ipv6mons.dll

    C:\WINDOWS\system32\wincom32.ini

    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_WINCOM32

    ((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))

    2007-05-06 12:34 <DIR> d-------- C:\!KillBox

    2007-05-05 18:45 <DIR> d--h----- C:\WINDOWS\PIF

    2007-05-05 17:14 49,152 --a------ C:\WINDOWS\nircmd.exe

    2007-05-05 13:24 7,008 --------- C:\WINDOWS\system32\spoolsvv.sys

    2007-05-04 23:06 6,144 --a------ C:\WINDOWS\system32\perfc000.dat

    2007-04-28 00:24 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

    2007-04-28 00:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

    2007-04-28 00:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

    2007-04-28 00:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

    2007-04-28 00:24 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    2007-04-28 00:24 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

    2007-04-28 00:24 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

    2007-04-28 00:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

    2007-04-25 11:36 <DIR> d-------- C:\WINDOWS\RagnaDream

    2007-04-21 17:14 <DIR> d-------- C:\Arquivos de programas\EidosNet

    2007-04-21 17:14 <DIR> d-------- C:\Arquivos de programas\Eidos Interactive

    2007-04-20 20:52 <DIR> d-------- C:\Arquivos de programas\Web Publish

    2007-04-17 00:11 2,156,544 --a------ C:\WINDOWS\New Super Mario Bros.scr

    2007-04-16 21:45 0 --------- C:\svcipa.exe

    2007-04-16 00:35 <DIR> d-------- C:\DOCUME~1\Mauricio\DADOSD~1\RadLight Company

    2007-04-16 00:35 <DIR> d-------- C:\Arquivos de programas\RadLight Company

    2007-04-11 13:16 <DIR> d-------- C:\WINDOWS\mswim269

    2007-04-10 20:08 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr

    2007-04-10 20:08 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

    2007-04-10 20:08 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

    2007-04-10 20:08 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

    2007-04-10 20:08 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

    2007-04-10 20:08 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

    2007-04-10 20:08 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-07 13:37 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys

    2007-04-28 17:55 -------- d-------- C:\DOCUME~1\Mauricio\DADOSD~1\teamspeak2

    2007-04-27 10:48 -------- d-------- C:\DOCUME~1\Mauricio\DADOSD~1\utorrent

    2007-04-24 23:52 -------- d-------- C:\Arquivos de programas\on-line help console

    2007-04-11 13:16 16896 --------- C:\WINDOWS\pchealter.exe

    2007-04-07 18:30 -------- d-------- C:\Arquivos de programas\teamspeak2_rc2

    2007-04-04 19:26 -------- d-------- C:\Arquivos de programas\creative labs

    2007-04-03 16:04 -------- d-------- C:\Arquivos de programas\gravity

    2007-04-02 21:49 -------- d-------- C:\Arquivos de programas\kceasy

    2007-03-31 16:26 -------- d--h----- C:\Arquivos de programas\installshield installation information

    2007-02-22 18:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

    2007-02-16 12:42 65536 --------- C:\WINDOWS\ifinst27.exe

    2007-02-11 10:27 48846 --a------ C:\WINDOWS\system32\perfc016.dat

    2007-02-11 10:27 344734 --a------ C:\WINDOWS\system32\perfh016.dat

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

    {000123B4-9B42-4900-B3F7-F4B073EFC214} C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

    {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\arquivos de programas\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

    @=""

    "PCTVOICE"="pctspk.exe"

    "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"

    "avast!"="C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    "InCD"="C:\\Arquivos de programas\\Ahead\\InCD\\InCD.exe"

    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

    "PowerBar"=""

    "MSMSGS"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background"

    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "appinit_dlls"="C:\WINDOWS\system32\perfc000.dat"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

    Authentication Packages REG_MULTI_SZ msv1_0\0\0

    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

    NetworkService REG_MULTI_SZ DnsCache\0\0

    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

    rpcss REG_MULTI_SZ RpcSs\0\0

    imgsvc REG_MULTI_SZ StiSvc\0\0

    termsvcs REG_MULTI_SZ TermService\0\0

    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-05-08 13:53:36

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    HKLM\SYSTEM\CurrentControlSet\Services\winmgmt738c-7fd2

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    PowerBar = ????????????l?@?l?@?D??????w???????????????wl?@?l?@????? ??????????????w???w???????w?m?wx????????m?w???????? ??????????????|x???0???????????? ot???w????????????????v???????I???????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    C:\WINDOWS\system32\windev-738c-7fd2.sys 139264 bytes

    C:\WINDOWS\system32\windev-peers.ini 4096 bytes

    scan completed successfully

    hidden processes: 0

    hidden services: 1

    hidden files: 2

    ********************************************************************

    Completion time: 07-05-08 13:53:39

    C:\ComboFix-quarantined-files.txt ... 07-05-08 13:53

    C:\ComboFix2.txt ... 07-05-05 17:14

    ewido anti-spyware online scanner

    http://www.ewido.net

    __________________________________________________

    Name: Logger.SCKeyLog.o

    Path: C:\System Volume Information\_restore{2A073DAF-2F1F-4732-A22C-73266A2498E8}\RP23\A0008610.exe

    Logfile of HijackThis v1.99.1

    Scan saved at 13:59:32, on 8/5/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\pctspk.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Ahead\InCD\InCD.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\sistray.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Documents and Settings\Mauricio\Meus documentos\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.click21.com.br/

    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

    O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

    O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

    O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

    O8 - Extra context menu item: &Pesquisa do Google - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Traduzir palavra em inglês - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Instantâneo da página em cache - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Links para esta página - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Páginas semelhantes - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_30.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_43.cab

    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/gamehouse/tumblebugs/axhost.cab

    O16 - DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Pirate) - http://200.212.184.212/g_bin/eng/pirate_2_0_0_25.cab

    O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://200.212.184.212/g_bin/eng/words_2_0_0_46.cab

    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.atrativa.com.br/DinerDash.1.0.0.58.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/popcap/chuzzle/popcaploader.cab

    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_28.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    One more thing: there is a file there that won't go away =/ ; even when I delete it, it comes back. It's this one: C:\WINDOWS\system32\perfc000.dat

    Thanks!!


    Pihuwzeus,

    @- Download the program below, unzip it, and keep it in a folder of its own or on your desktop.

    - Copy these instructions into Notepad or print them!

    @- Run the avenger.exe tool. Confirm: OK.

    • Among the options under "Script file to execute", select "Input Script Manually".
    • Click the magnifying-glass icon.
    • Copy (Ctrl+C) the content (in red) of the Code below and paste it (Ctrl+V) into "View/edit script".
      Files to delete:
      C:\WINDOWS\system32\perfc000.dat
      C:\WINDOWS\system32\spoolsvv.sys
      C:\svcipa.exe
      C:\WINDOWS\pchealter.exe

      Registry values to replace with dummy:
      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

    • Click "Done".
    • Click the traffic-light icon to start the removal script. Confirm: OK.

    - The computer will restart automatically. Restart straight into normal mode, OK?

    - Log saved at: C:\avenger.txt

    @- Restart in normal mode.

    @- Close all open windows and run the ComboFix tool.

    • Type the option to continue and press <ENTER>.
    • Do not open or close any program until the scan finishes. Wait patiently...

    - If necessary, the program will restart your computer. Restart in normal mode...

    - Save the log: C:\ComboFix.txt

    @- Post the Hijack log, ComboFix.txt and avenger.txt, pasting them one after another.

    Mr. Coruj@
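
Added example, not part of the original posts: Windows loads the files listed in AppInit_DLLs into processes that load user32.dll, so a cleanup script has to cover both the file and the registry value, as the script in the reply above does. This Python sketch reads the value from a HijackThis or ComboFix log and checks an Avenger script for both halves; the function names and `FILE_ONLY_SCRIPT` are hypothetical, and the sample lines are copied from this thread.

```python
import re

# Constructed sample: two entries copied from the HijackThis log in this thread.
HJT_LOG = r"""
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
"""

# Constructed sample: the same value as ComboFix prints it under "Reg Loading Points".
COMBOFIX_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\WINDOWS\system32\perfc000.dat"
"""

# The Avenger script posted in the reply above.
AVENGER_SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\perfc000.dat
C:\WINDOWS\system32\spoolsvv.sys
C:\svcipa.exe
C:\WINDOWS\pchealter.exe

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
"""

# Hypothetical incomplete script: removes the file but leaves the loader value.
FILE_ONLY_SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\perfc000.dat
"""

APPINIT_KEY = r"hklm\software\microsoft\windows nt\currentversion\windows"

_O20 = re.compile(r"^\s*O20 - AppInit_DLLs:\s*(.+?)\s*$", re.I | re.M)
_REG = re.compile(r'^\s*"appinit_dlls"="(.*)"\s*$', re.I | re.M)


def appinit_targets(log_text):
    """Return the files named by AppInit_DLLs in a HijackThis or ComboFix log."""
    found = _O20.findall(log_text) + _REG.findall(log_text)
    # Windows paths are case-insensitive; .reg-style dumps may double backslashes.
    cleaned = {p.strip().replace("\\\\", "\\").lower() for p in found}
    return sorted(p for p in cleaned if p)


def parse_avenger(script_text):
    """Split an Avenger script into {section header: [entries]}."""
    sections, current = {}, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):          # e.g. "Files to delete:"
            current = line[:-1].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def coverage_gaps(log_text, script_text):
    """List what the script leaves behind for the AppInit_DLLs entry in the log."""
    sections = parse_avenger(script_text)
    deleted = {p.lower() for p in sections.get("files to delete", [])}
    reset = set()
    for entry in sections.get("registry values to replace with dummy", []):
        key, _, value = (part.strip().lower() for part in entry.partition("|"))
        reset.add((key, value))

    targets = appinit_targets(log_text)
    gaps = [f"file not deleted: {path}" for path in targets if path not in deleted]
    if targets and (APPINIT_KEY, "appinit_dlls") not in reset:
        gaps.append("AppInit_DLLs value not reset")
    return gaps


if __name__ == "__main__":
    print("targets:", appinit_targets(HJT_LOG))
    print("posted script gaps:", coverage_gaps(HJT_LOG, AVENGER_SCRIPT))
    print("file-only script gaps:", coverage_gaps(HJT_LOG, FILE_ONLY_SCRIPT))
```

Running `appinit_targets` over the follow-up ComboFix.txt is the same check after the reboot: an empty list means the value no longer names a file.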

  • Topic author
  • Here are the results:

    "Mauricio" - 07-05-05 17:06:33 Service Pack 2

    ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Mauricio\Desktop\"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\kernels32.exe

    C:\WINDOWS\system32\pdp.exe.exe

    C:\WINDOWS\system32\sony.exe.exe

    C:\Arquivos de programas\Arquivos comuns\microsoft shared\web folders\ibm00001.dll

    C:\Arquivos de programas\Arquivos comuns\microsoft shared\web folders\ibm00002.dll

    C:\DOCUME~1\Mauricio\DADOSD~1\Install.dat

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\dinerdash.exe

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\playfirst_logo.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\strings.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\accessories\cup.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\accessories\customer_cup.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\accessories\heart.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\accessories\menu_down.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\accessories\menu_up.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\accessories\plates.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\accessories\ticket.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\accessories\tray.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\music\mainmenumusic.ogg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_bring_check_1_snd.ogg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_food_1_snd.ogg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_order_1_snd.ogg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_diner.ogg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_food_ready_1_snd.ogg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_gain_heart_1.ogg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_get_drinks_1_snd.ogg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_party_arrive_1_snd.ogg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pencil_write_2.ogg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pickup_food_1_snd.ogg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_rollover_1.ogg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\audio\sfx\sfx_seat_people_snd.ogg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\choosedifficulty.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\credits.jpg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\flo_lose.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\flo_win.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\help1.jpg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\help2.jpg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\highscores.jpg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\levelintro.jpg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\levelintro_mask.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\levelover.jpg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\levelover_mask.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\mainmenu.jpg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\popup.jpg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\popup_mask.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\upgradegrid.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\upgradetitle.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\backgrounds\upsell.jpg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\arrowleft_blue.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\arrowleft_yellow.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\arrowright_blue.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\arrowright_yellow.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\backchalk.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\backchalkup.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\backtomenu_blue.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\backtomenu_yellow.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\back_blue.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\back_yellow.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\cancel.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\cancelup.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\career.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\career_over.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\close.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\closeup.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\continue.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\continueover.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\credits_blue.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\credits_yellow.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\download_blue.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\download_yellow.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\easy.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\easy_over.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\endlessshift.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\endlessshift_over.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\hard.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\hard_over.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\help.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\help_over.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\highscores.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\highscores_over.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\instructions_blue.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\instructions_yellow.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\letsplay.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\letsplayover.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\medium.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\medium_over.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\moreinfo.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\moreinfoup.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\off.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\off_on.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\on.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\on_on.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\pause.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\pauseover.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\quit.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\quitgame.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\quitgameover.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\quitover.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\resumegame.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\resumegameover.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\submit.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\submitup.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\tryagain.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\tryagainover.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\upgrade_over.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\upgrade_up.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\viewglobal.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\viewglobalup.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\viewhighscore.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\viewhighscoreon.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\viewlocal.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\buttons\viewlocalup.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\comics\webcomic.jpg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\config\career.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\config\customer.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\config\endless.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\config\global.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\config\powerups.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\cook\cook.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\cook\cook.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\cook\stove.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\cursor\arrow.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\cursor\click.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\cursor\click2.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\cursor\grab.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\cursor\open.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\anim.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\blue\anim.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\blue\anim.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\blue\sit_legs.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\green\anim.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\green\anim.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\green\sit_legs.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\purple\anim.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\purple\anim.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\purple\sit_legs.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\red\anim.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\red\anim.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\red\sit_legs.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\yellow\anim.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\yellow\anim.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\old_male\yellow\sit_legs.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\anim.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\blue\anim.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\blue\anim.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\blue\sit_legs.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\green\anim.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\green\anim.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\green\sit_legs.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\purple\anim.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\purple\anim.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\purple\sit_legs.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\red\anim.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\red\anim.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\red\sit_legs.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\yellow\anim.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\yellow\anim.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\customers\young_female\yellow\sit_legs.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\flo\idle.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\flo\idle.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\flo\lower.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\flo\lower.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\flo\upper.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\flo\upper.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\fonts\arial.mvec

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\fonts\komikaaxis.mvec

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\chair.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\chair.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\dirt2top.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\dirt4top.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\dishcart.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\dishcart.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\drinkstation_off.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\drinkstation_on1.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\drinkstation_on2.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\ticketstation.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\furniture\ticketstation.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\arrowdown.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\arrowdownon.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\arrowleft.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\arrowlefton.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\arrowright.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\arrowrighton.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\arrowup.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\arrowupon.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\p1icon.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\textedit.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\hiscore\title.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_1.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_1_a.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_1_b.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_1_c.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_2.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_2_a.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_2_b.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_2_c.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_2_d.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_3.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_3_a.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_3_b.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_3_c.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\endless_1_3_d.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\fifth_level_diner.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\first_level_diner.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\fourth_level_diner.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\layouts\second_level_diner.txt

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\tableshadow.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\background.jpg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\upgrades.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\food\food1.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\food\food1.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\food\food2.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\food\food2.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\food\food3.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\food\food3.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\frames\upgrade_0001.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\tables\2top.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\tables\2top.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\tables\4top.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\restaurants\diner\tables\4top.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\choosedifficulty.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\chooseplayer.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\chooserestaurant.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\credits.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\game.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\gothighscore.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\help.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\help2.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\hiscore.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\hiscoreinfo.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\hiscoresubmit.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\levelintro.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\levelover.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\loading.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\mainloop.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\mainmenu.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\ok.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\pause.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\style.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\tutorialintro.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\upgrade.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\upsell.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\webcomic.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\scripts\yesno.lua

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\splash\gamelabsplash.jpg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\splash\playfirst_logo.jpg

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\angersmoke.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\angersmoke.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\chairflags.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\chairflags.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\check.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\checkmark.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\clock.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\closed.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\closingtime.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\coinflip.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\coinflip.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\dollar.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\expert.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\expertscore.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\foodpoof.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\foodpoof.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\fork_timer.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\goalcompleted.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\heartgrow.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\heartgrow.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\jar.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\jar.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\level.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\level_career.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\score.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\sound.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\staroff.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\staron.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\tablenumber.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\tablenumberup.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\traynumber.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\tutorialarrow.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\tutorialbox.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\tutorial_character.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgradeanim.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgradeanim.xml

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\doodles\coffee.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\doodles\tables.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\doodles\wallpaper.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgrades\drinks.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgrades\maitred.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgrades\oven.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgrades\select.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgrades\shoes.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgrades\stereo.png

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58\assets\ui\upgrades\table.png

    C:\WINDOWS\system32\rpcc.dll

    C:\WINDOWS\system32\spoolsvv.exe

    C:\windows\xpupdate.exe

    C:\WINDOWS\smss.exe

    C:\WINDOWS\system32\a3dxx.dll

    C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.58

    C:\Arquivos de programas\Arquivos comuns\{F09B1~1

    C:\WINDOWS\system32\wincom32.sys

    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\gb

    -------\LEGACY_GB

    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-05 ))))))))))))))))))))))))))))))))))

    2007-05-05 13:27 108,835 --a------ C:\WINDOWS\system32\sony.exe

    2007-05-05 13:24 7,008 --a------ C:\WINDOWS\system32\spoolsvv.sys

    2007-05-05 13:21 <DIR> d-------- C:\Program Files

    2007-05-05 13:20 10,019 --a------ C:\syst.exe

    2007-05-04 23:06 6,144 --a------ C:\WINDOWS\system32\perfc000.dat

    2007-04-28 00:24 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

    2007-04-28 00:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

    2007-04-28 00:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

    2007-04-28 00:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

    2007-04-28 00:24 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    2007-04-28 00:24 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

    2007-04-28 00:24 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

    2007-04-28 00:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

    2007-04-25 11:36 <DIR> d-------- C:\WINDOWS\RagnaDream

    2007-04-21 17:14 <DIR> d-------- C:\Arquivos de programas\EidosNet

    2007-04-21 17:14 <DIR> d-------- C:\Arquivos de programas\Eidos Interactive

    2007-04-20 20:52 <DIR> d-------- C:\Arquivos de programas\Web Publish

    2007-04-17 00:11 2,156,544 --a------ C:\WINDOWS\New Super Mario Bros.scr

    2007-04-16 21:45 0 --a------ C:\svcipa.exe

    2007-04-16 00:35 <DIR> d-------- C:\DOCUME~1\Mauricio\DADOSD~1\RadLight Company

    2007-04-16 00:35 <DIR> d-------- C:\Arquivos de programas\RadLight Company

    2007-04-11 13:16 <DIR> d-------- C:\WINDOWS\mswim269

    2007-04-10 20:08 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

    2007-04-10 20:08 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr

    2007-04-10 20:08 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

    2007-04-10 20:08 733,824 --a------ C:\WINDOWS\system32\aswBoot.exe

    2007-04-10 20:08 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

    2007-04-10 20:08 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

    2007-04-10 20:08 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

    2007-04-07 18:30 <DIR> d-------- C:\DOCUME~1\Mauricio\DADOSD~1\teamspeak2

    2007-04-07 18:30 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

    2007-04-05 00:23 73,728 --a------ C:\WINDOWS\system32\psxpadff.dll

    2007-04-05 00:23 307,200 --a------ C:\WINDOWS\system32\psxcpl.dll

    2007-04-05 00:23 16,896 --a------ C:\WINDOWS\system32\drivers\psxenum.sys

    2007-04-05 00:23 12,160 --a------ C:\WINDOWS\system32\drivers\psxpad.sys

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-04-27 10:48 -------- d-------- C:\DOCUME~1\Mauricio\DADOSD~1\utorrent

    2007-04-24 23:52 -------- d-------- C:\Arquivos de programas\on-line help console

    2007-04-16 15:33 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys

    2007-04-11 13:16 16896 ----s---- C:\WINDOWS\pchealter.exe

    2007-04-04 19:26 -------- d-------- C:\Arquivos de programas\creative labs

    2007-04-03 16:04 -------- d-------- C:\Arquivos de programas\gravity

    2007-04-02 21:49 -------- d-------- C:\Arquivos de programas\kceasy

    2007-03-31 16:26 -------- d--h----- C:\Arquivos de programas\installshield installation information

    2007-02-22 18:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

    2007-02-16 12:42 65536 --a------ C:\WINDOWS\ifinst27.exe

    2007-02-11 10:27 48846 --a------ C:\WINDOWS\system32\perfc016.dat

    2007-02-11 10:27 344734 --a------ C:\WINDOWS\system32\perfh016.dat

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

    {000123B4-9B42-4900-B3F7-F4B073EFC214} C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

    {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\arquivos de programas\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

    @=""

    "PCTVOICE"="pctspk.exe"

    "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"

    "avast!"="C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    "InCD"="C:\\Arquivos de programas\\Ahead\\InCD\\InCD.exe"

    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

    "PowerBar"=""

    "MSMSGS"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background"

    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "appinit_dlls"="C:\WINDOWS\system32\perfc000.dat"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

    Authentication Packages REG_MULTI_SZ msv1_0\0\0

    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

    NetworkService REG_MULTI_SZ DnsCache\0\0

    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

    rpcss REG_MULTI_SZ RpcSs\0\0

    imgsvc REG_MULTI_SZ StiSvc\0\0

    termsvcs REG_MULTI_SZ TermService\0\0

    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-05-05 17:14:42

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    HKLM\SYSTEM\CurrentControlSet\Services\winmgmt738c-7fd2

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    PowerBar = ????????????l?@?l?@?D??????w???????????????wl?@?l?@????? ??????????????w???w???????w?m?wx????????m?w???????? ??????????????|x???0???????????? ot???w????????????????v???????I???????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    C:\WINDOWS\system32\windev-738c-7fd2.sys 139264 bytes

    C:\WINDOWS\system32\windev-peers.ini 4096 bytes

    scan completed successfully

    hidden processes: 0

    hidden services: 1

    hidden files: 2

    ********************************************************************

    Completion time: 07-05-05 17:14:45 - machine was rebooted

    C:\ComboFix-quarantined-files.txt ... 07-05-05 17:14

    Logfile of HijackThis v1.99.1

    Scan saved at 12:05:49, on 10/5/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\pctspk.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Ahead\InCD\InCD.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\sistray.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Documents and Settings\Mauricio\Meus documentos\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.click21.com.br/

    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

    O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

    O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

    O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

    O8 - Extra context menu item: &Pesquisa do Google - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Traduzir palavra em inglês - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Instantâneo da página em cache - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Links para esta página - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Páginas semelhantes - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

    O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_30.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_43.cab

    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/gamehouse/tumblebugs/axhost.cab

    O16 - DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Pirate) - http://200.212.184.212/g_bin/eng/pirate_2_0_0_25.cab

    O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://200.212.184.212/g_bin/eng/words_2_0_0_46.cab

    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.atrativa.com.br/DinerDash.1.0.0.58.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/popcap/chuzzle/popcaploader.cab

    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_28.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    Logfile of The Avenger version 1, by Swandog46

    Running from registry key:

    \Registry\Machine\System\CurrentControlSet\Services\hutwcevr

    *******************

    Script file located at: \??\C:\WINDOWS\system32\rshrqrgx.txt

    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\system32\perfc000.dat deleted successfully.

    File C:\WINDOWS\system32\spoolsvv.sys deleted successfully.

    File C:\svcipa.exe deleted successfully.

    File C:\WINDOWS\pchealter.exe deleted successfully.

    Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    Thanks!!


    Pihuwzeus, I believe everything is OK now; however, the ComboFix log is old. If you generated a new one following the procedures in my previous post, check there (C:\ComboFix2 or 3...) again, as there should be a more recent one. If you have not run the program again, do so now, because we will need the log to wrap up the topic, OK?

    Warm regards,

  • Topic author
  • I think this is the one:

    "Mauricio" - 07-05-10 22:36:39 Service Pack 2

    ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Mauricio\Meus documentos\"

    ((((((((((((((((((((((((((((((( Files Created from 2007-04-10 to 2007-05-10 ))))))))))))))))))))))))))))))))))

    2007-05-10 15:09 <DIR> d-------- C:\Counter-Strike Source

    2007-05-10 11:59 <DIR> d-------- C:\avenger

    2007-05-08 16:16 4,096 --a------ C:\WINDOWS\system32\drivers\nocashio.sys

    2007-05-06 12:34 <DIR> d-------- C:\!KillBox

    2007-05-05 18:45 <DIR> d--h----- C:\WINDOWS\PIF

    2007-05-05 17:14 49,152 --a------ C:\WINDOWS\nircmd.exe

    2007-04-28 00:24 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

    2007-04-28 00:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

    2007-04-28 00:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

    2007-04-28 00:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

    2007-04-28 00:24 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    2007-04-28 00:24 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

    2007-04-28 00:24 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

    2007-04-28 00:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

    2007-04-25 11:36 <DIR> d-------- C:\WINDOWS\RagnaDream

    2007-04-21 17:14 <DIR> d-------- C:\Arquivos de programas\EidosNet

    2007-04-21 17:14 <DIR> d-------- C:\Arquivos de programas\Eidos Interactive

    2007-04-20 20:52 <DIR> d-------- C:\Arquivos de programas\Web Publish

    2007-04-17 00:11 2,156,544 --a------ C:\WINDOWS\New Super Mario Bros.scr

    2007-04-16 00:35 <DIR> d-------- C:\DOCUME~1\Mauricio\DADOSD~1\RadLight Company

    2007-04-16 00:35 <DIR> d-------- C:\Arquivos de programas\RadLight Company

    2007-04-11 13:16 <DIR> d-------- C:\WINDOWS\mswim269

    2007-04-10 20:08 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr

    2007-04-10 20:08 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

    2007-04-10 20:08 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

    2007-04-10 20:08 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

    2007-04-10 20:08 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

    2007-04-10 20:08 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

    2007-04-10 20:08 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-10 20:19 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys

    2007-04-28 17:55 -------- d-------- C:\DOCUME~1\Mauricio\DADOSD~1\teamspeak2

    2007-04-27 10:48 -------- d-------- C:\DOCUME~1\Mauricio\DADOSD~1\utorrent

    2007-04-24 23:52 -------- d-------- C:\Arquivos de programas\on-line help console

    2007-04-07 18:30 -------- d-------- C:\Arquivos de programas\teamspeak2_rc2

    2007-04-04 19:26 -------- d-------- C:\Arquivos de programas\creative labs

    2007-04-03 16:04 -------- d-------- C:\Arquivos de programas\gravity

    2007-04-02 21:49 -------- d-------- C:\Arquivos de programas\kceasy

    2007-03-31 16:26 -------- d--h----- C:\Arquivos de programas\installshield installation information

    2007-02-22 18:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

    2007-02-16 12:42 65536 --------- C:\WINDOWS\ifinst27.exe

    2007-02-11 10:27 48846 --a------ C:\WINDOWS\system32\perfc016.dat

    2007-02-11 10:27 344734 --a------ C:\WINDOWS\system32\perfh016.dat

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

    {000123B4-9B42-4900-B3F7-F4B073EFC214} C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

    {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\arquivos de programas\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

    @=""

    "PCTVOICE"="pctspk.exe"

    "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"

    "avast!"="C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    "InCD"="C:\\Arquivos de programas\\Ahead\\InCD\\InCD.exe"

    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

    "PowerBar"=""

    "MSMSGS"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background"

    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

    Authentication Packages REG_MULTI_SZ msv1_0\0\0

    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

    NetworkService REG_MULTI_SZ DnsCache\0\0

    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

    rpcss REG_MULTI_SZ RpcSs\0\0

    imgsvc REG_MULTI_SZ StiSvc\0\0

    termsvcs REG_MULTI_SZ TermService\0\0

    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_NPKCRYPT

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-05-10 22:37:17

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    HKLM\SYSTEM\CurrentControlSet\Services\winmgmt738c-7fd2

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    PowerBar = ????????????l?@?l?@?D??????w???????????????wl?@?l?@????? ??????????????w???w???????w?m?wx????????m?w???????? ??????????????|x???0???????????? ot???w????????????????v???????I???????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    C:\WINDOWS\system32\windev-738c-7fd2.sys 139264 bytes

    C:\WINDOWS\system32\windev-peers.ini 4096 bytes

    scan completed successfully

    hidden processes: 0

    hidden services: 1

    hidden files: 2

    ********************************************************************

    Completion time: 07-05-10 22:37:21

    C:\ComboFix-quarantined-files.txt ... 07-05-10 22:37


    Pihuwzeus,

    Your log is CLEAN! Any other malware-related problems?

    If your system shows no problems by tomorrow, disable and re-enable System Restore.

    Your PC was also infected by Bankers. Since this computer may have been used to capture your passwords, I recommend changing them.

    You can click the REPORT button, let the moderator of this area know that the problem has been solved and that the topic can now be closed.

    You can always count on the help of the people at the Clube do Hardware forum.

    Thank you for the feedback and warm regards!

    _________________________________

    Mr. Coruj@
