HAXFIX logfile - by Marckie
version 4.57_1
2007-11-14 18:42:47,68

— Checking for Haxdoor —

checking for a3d files
a3d files not found
checking for matching notify keys
no matching notify keys found
checking for matching services
matching services found
Aspi32
checking for matching safeboot services
no matching safeboot services found
checking for other Haxdoor-files
no other Haxdoor-files found

— Checking for Goldun —

checking for SSODL keys
no ssodl keys found
checking for notify keys
no notify keys found
checking for services
no services found
checking for other Goldun-files
no other Goldun-files found
checking iexplore.exe
iexplore.exe is not infected

— Catchme logfile - thank you Gmer —

catchme 0.3.1207.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 18:42:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden services & system hive …

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:adc5b5d8
"s2"=dword:45af17cb
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:22,04,2b,31,d7,36,b8,c6,9c,96,2b,b4,f4,33,f5,c9,74,77,59,20,af,…

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:98,21,23,bf,b5,b5,de,ba,01,b2,42,04,e2,d1,1f,90,11,f5,5f,e9,02,…
"p0"="C:\Program Files\DAEMON Tools"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,12,5d,09,00,2b,9e,bd,91,a6,6b,2e,54,52,cd,09,c5,a4,…
"khjeh"=hex:ba,1b,cb,05,b1,cc,de,68,53,fd,5d,f7,5d,a0,9d,f8,76,21,f4,d4,0b,…

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:39,42,79,cf,cc,6f,6b,03,5c,fe,bb,27,1f,72,97,16,07,06,77,1f,62,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:22,04,2b,31,d7,36,b8,c6,9c,96,2b,b4,f4,33,f5,c9,74,77,59,20,af,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:98,21,23,bf,b5,b5,de,ba,01,b2,42,04,e2,d1,1f,90,11,f5,5f,e9,02,…
"p0"="C:\Program Files\DAEMON Tools"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,12,5d,09,00,2b,9e,bd,91,a6,6b,2e,54,52,cd,09,c5,a4,…
"khjeh"=hex:ba,1b,cb,05,b1,cc,de,68,53,fd,5d,f7,5d,a0,9d,f8,76,21,f4,d4,0b,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:39,42,79,cf,cc,6f,6b,03,5c,fe,bb,27,1f,72,97,16,07,06,77,1f,62,…

scanning hidden registry entries …

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,…

scanning hidden files …

C:\serv.txt

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

— Analysing Catchme logfile —

no matching regkeys found

Finished!