Hi essexboy,
Sorry for the delay. I have been busy the last few days. I am picking the thread back up with the last log produced. I took the opportunity to back up some recent files. I am ready to act on the MBR if needed.
atis
___________________________________
C:\Documents and Settings\mga\Desktop\HAMeb_check.exe
20/06/2011 at 22:04:19,03
Account active No
Local Group Memberships *Administrators
~~ Checking profile list ~~
S-1-5-21-2798417395-2383758349-3804553033-1005
%SystemDrive%\Documents and Settings\HelpAssistant
~~ Checking for HelpAssistant directories ~~
HelpAssistant
~~ Checking mbr ~~
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
~~ Checking for termsrv32.dll ~~
termsrv32.dll present!
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll
~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"3246:TCP"=3246:TCP:*:Enabled:Services
"2479:TCP"=2479:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"3246:TCP"=3246:TCP:*:Enabled:Services
"2479:TCP"=2479:TCP:*:Enabled:Services
~~ EOF ~~
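The log above is the output of HAMeb_check.exe. What follows is an added example, not part of the original post and not the tool's own code: a PowerShell re-creation of the non-MBR checks it reports (the HelpAssistant account and profile, the termsrv32.dll / TermService ServiceDll pair, and the GloballyOpenPorts lists of both firewall profiles), so the same indicators can be enumerated again on the host after any cleanup. It assumes the Windows XP/2003 registry layout the log shows, and the list of "known" port descriptions is a hypothetical placeholder; anything not on it is marked for review, which on this log would single out the four entries described only as "Services". The MBR check needs raw disk access and is left to the Gmer detector.

```powershell
# Added example, not from the original post or from HAMeb_check.exe.
# Re-creates the registry/file checks the log reports so they can be re-run.
# Run from an elevated PowerShell session; written in 2.0-era syntax on purpose.
# Assumption: XP/2003 key layout as shown in the log; $knownDescriptions is a
# placeholder list the reader should adjust for the machine in question.

$fwBase   = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$profiles = @('DomainProfile', 'StandardProfile')
# Descriptions Windows writes for its own built-in exceptions (assumed list).
$knownDescriptions = @('Remote Desktop', 'File and Printer Sharing', 'UPnP Framework')

function Get-HelpAssistantAccount {
    # Same two fields the log prints, taken from "net user HelpAssistant".
    $out = & net user HelpAssistant 2>$null
    if (-not $out) { return $null }
    $active = ($out | Where-Object { $_ -match '^Account active' }) -replace '^Account active\s+', ''
    $groups = ($out | Where-Object { $_ -match '^Local Group Memberships' }) -replace '^Local Group Memberships\s+', ''
    New-Object PSObject -Property @{ AccountActive = "$active".Trim(); LocalGroups = "$groups".Trim() }
}

function Get-HelpAssistantProfiles {
    # ProfileList entries whose (unexpanded) ProfileImagePath names a HelpAssistant directory.
    $plist = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    foreach ($sub in Get-ChildItem -Path $plist) {
        $img = [string]$sub.GetValue('ProfileImagePath', $null,
                   [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        if ($img -like '*HelpAssistant*') {
            New-Object PSObject -Property @{
                Sid              = $sub.PSChildName
                ProfileImagePath = $img
                DirectoryExists  = Test-Path -Path ([Environment]::ExpandEnvironmentVariables($img))
            }
        }
    }
}

function Get-TermServiceState {
    # The log pairs "termsrv32.dll present!" with the ServiceDll the service really loads.
    $params = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\TermService\Parameters' -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        ServiceDll       = [string]$params.ServiceDll
        Termsrv32Present = Test-Path -Path (Join-Path $env:SystemRoot 'System32\termsrv32.dll')
    }
}

function Get-GloballyOpenPorts {
    # Value data format seen in the log: "<port>:<proto>:<scope>:<state>:<description>"
    foreach ($p in $profiles) {
        $key = Join-Path $fwBase "$p\GloballyOpenPorts\List"
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $fields = ([string]$regKey.GetValue($name)) -split ':'
            $desc = if ($fields.Count -gt 4) { $fields[4..($fields.Count - 1)] -join ':' } else { '' }
            New-Object PSObject -Property @{
                Profile     = $p
                Port        = $fields[0]
                Protocol    = $fields[1]
                Scope       = $fields[2]
                State       = $fields[3]
                Description = $desc
                # Anything not carrying a description Windows writes itself is marked
                # for review; on the log above that is the four "Services" entries.
                Review      = ($knownDescriptions -notcontains $desc)
            }
        }
    }
}

Get-HelpAssistantAccount
Get-HelpAssistantProfiles
Get-TermServiceState
Get-GloballyOpenPorts | Where-Object { $_.Review } |
    Format-Table Profile, Port, Protocol, Scope, State, Description -AutoSize
```

Reading the GloballyOpenPorts values through `GetValueNames()`/`GetValue()` rather than `Get-ItemProperty` avoids the provider's own PSPath/PSChildName properties being mistaken for port entries, and the `DoNotExpandEnvironmentNames` option keeps `%SystemDrive%` in the profile path exactly as the log prints it, so the two outputs can be compared side by side.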