Let me start by saying that I don't understand any of this and that I will surely make a mess of posting too, so I apologize in advance and thank you for your understanding.
This is from the avast warning (I think this is what I'm supposed to post):
18/12/2008 0.27.43 1229556463 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Impostazioni locali\Temp\RtkBtMnt.exe" file.
18/12/2008 0.27.44 1229556464 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Impostazioni locali\Temp\RtkBtMnt.exe" file.
18/12/2008 0.28.01 1229556481 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Impostazioni locali\Temp\RtkBtMnt.exe" file.
18/12/2008 0.28.01 1229556481 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Impostazioni locali\Temp\RtkBtMnt.exe" file.
18/12/2008 0.28.20 1229556500 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll" file.
18/12/2008 0.28.22 1229556502 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll" file.
18/12/2008 0.28.22 1229556502 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll" file.
18/12/2008 0.28.23 1229556503 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll" file.
18/12/2008 0.28.23 1229556503 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll" file.
18/12/2008 0.28.25 1229556505 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll" file.
18/12/2008 0.28.26 1229556506 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll" file.
18/12/2008 0.28.26 1229556507 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll" file.
18/12/2008 0.28.27 1229556507 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll" file.
18/12/2008 0.28.29 1229556509 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll" file.
18/12/2008 0.28.29 1229556509 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll" file.
18/12/2008 0.28.30 1229556510 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll" file.
18/12/2008 0.28.30 1229556510 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll" file.
18/12/2008 0.28.31 1229556511 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll" file.
18/12/2008 0.28.32 1229556512 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll" file.
18/12/2008 0.28.32 1229556512 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll" file.
18/12/2008 0.28.33 1229556513 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll" file.
18/12/2008 0.28.33 1229556513 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll" file.
18/12/2008 0.28.34 1229556514 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll" file.
18/12/2008 0.28.35 1229556515 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll" file.
18/12/2008 0.28.35 1229556515 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll" file.
18/12/2008 0.28.36 1229556516 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll" file.
18/12/2008 0.28.36 1229556516 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll" file.
18/12/2008 0.28.37 1229556517 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll" file.
18/12/2008 0.28.38 1229556518 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll" file.
18/12/2008 0.28.38 1229556518 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll" file.
18/12/2008 0.28.39 1229556519 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll" file.
18/12/2008 0.28.39 1229556519 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll" file.
18/12/2008 0.28.40 1229556520 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll" file.
18/12/2008 0.28.41 1229556521 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll" file.
18/12/2008 0.28.41 1229556521 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll" file.
18/12/2008 0.28.42 1229556522 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll" file.
18/12/2008 0.28.46 1229556526 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll" file.
18/12/2008 0.28.48 1229556528 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll" file.
18/12/2008 0.28.48 1229556528 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll" file.
18/12/2008 0.28.49 1229556529 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll" file.
18/12/2008 0.28.50 1229556530 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll" file.
18/12/2008 0.28.53 1229556533 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System\1.0.5000.0__b77a5c561934e089\System.dll" file.
18/12/2008 0.28.54 1229556534 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll" file.
18/12/2008 0.28.55 1229556535 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll" file.
18/12/2008 0.28.55 1229556535 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll" file.
18/12/2008 0.28.56 1229556536 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll" file.
18/12/2008 0.28.56 1229556536 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll" file.
18/12/2008 0.28.57 1229556537 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll" file.
18/12/2008 0.28.58 1229556538 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll" file.
18/12/2008 0.28.59 1229556539 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll" file.
18/12/2008 0.28.59 1229556539 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll" file.
18/12/2008 0.29.00 1229556540 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll" file.
18/12/2008 0.29.01 1229556541 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll" file.
18/12/2008 0.29.01 1229556541 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll" file.
18/12/2008 0.29.02 1229556542 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll" file.
18/12/2008 0.29.03 1229556543 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll" file.
18/12/2008 0.29.03 1229556543 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll" file.
18/12/2008 0.29.04 1229556544 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll" file.
18/12/2008 0.29.04 1229556544 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll" file.
18/12/2008 0.29.09 1229556549 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll" file.
18/12/2008 0.29.10 1229556550 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll" file.
18/12/2008 0.29.10 1229556550 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll" file.
18/12/2008 0.29.11 1229556551 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll" file.
18/12/2008 0.29.11 1229556551 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll" file.
18/12/2008 0.29.12 1229556552 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll" file.
18/12/2008 0.29.13 1229556553 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll" file.
18/12/2008 0.29.14 1229556554 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll" file.
18/12/2008 0.29.14 1229556554 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll" file.
18/12/2008 0.29.15 1229556555 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll" file.
18/12/2008 0.29.16 1229556556 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll" file.
18/12/2008 0.29.17 1229556557 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll" file.
18/12/2008 0.29.17 1229556557 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll" file.
18/12/2008 0.29.18 1229556558 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll" file.
18/12/2008 0.29.19 1229556559 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll" file.
18/12/2008 0.29.20 1229556560 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll" file.
18/12/2008 0.29.20 1229556560 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll" file.
18/12/2008 0.29.21 1229556561 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll" file.
18/12/2008 0.29.21 1229556561 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll" file.
18/12/2008 0.29.22 1229556562 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll" file.
18/12/2008 0.29.22 1229556562 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System\1.0.5000.0__b77a5c561934e089\System.dll" file.
18/12/2008 0.29.27 1229556567 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\aceapctl.ocx" file.
18/12/2008 0.29.28 1229556568 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\acerctrl.ocx" file.
18/12/2008 0.29.28 1229556568 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\LunchApp.ocx" file.
18/12/2008 0.29.29 1229556569 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\scaxbtns.ocx" file.
18/12/2008 0.29.30 1229556570 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\scdiags.ocx" file.
18/12/2008 0.29.30 1229556570 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\scintro.ocx" file.
18/12/2008 0.29.31 1229556571 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\scmaint.ocx" file.
18/12/2008 0.29.31 1229556571 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\scsupt.ocx" file.
18/12/2008 0.29.34 1229556574 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\vsocx32.ocx" file.
18/12/2008 0.28.37 1229556517 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll" file.
18/12/2008 0.28.38 1229556518 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll" file.
18/12/2008 0.28.38 1229556518 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll" file.
18/12/2008 0.28.39 1229556519 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll" file.
18/12/2008 0.28.39 1229556519 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll" file.
18/12/2008 0.28.40 1229556520 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll" file.
18/12/2008 0.28.41 1229556521 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll" file.
18/12/2008 0.28.41 1229556521 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll" file.
18/12/2008 0.28.42 1229556522 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll" file.
18/12/2008 0.28.46 1229556526 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll" file.
18/12/2008 0.28.48 1229556528 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll" file.
18/12/2008 0.28.48 1229556528 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll" file.
18/12/2008 0.28.49 1229556529 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll" file.
18/12/2008 0.28.50 1229556530 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll" file.
18/12/2008 0.28.53 1229556533 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System\1.0.5000.0__b77a5c561934e089\System.dll" file.
18/12/2008 0.28.54 1229556534 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll" file.
18/12/2008 0.28.55 1229556535 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll" file.
18/12/2008 0.28.55 1229556535 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll" file.
18/12/2008 0.28.56 1229556536 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll" file.
18/12/2008 0.28.56 1229556536 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll" file.
18/12/2008 0.28.57 1229556537 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll" file.
18/12/2008 0.28.58 1229556538 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll" file.
18/12/2008 0.28.59 1229556539 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll" file.
18/12/2008 0.28.59 1229556539 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll" file.
18/12/2008 0.29.00 1229556540 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll" file.
18/12/2008 0.29.01 1229556541 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll" file.
18/12/2008 0.29.01 1229556541 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll" file.
18/12/2008 0.29.02 1229556542 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll" file.
18/12/2008 0.29.03 1229556543 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll" file.
18/12/2008 0.29.03 1229556543 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll" file.
18/12/2008 0.29.04 1229556544 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll" file.
18/12/2008 0.29.04 1229556544 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll" file.
18/12/2008 0.29.09 1229556549 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll" file.
18/12/2008 0.29.10 1229556550 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll" file.
18/12/2008 0.29.10 1229556550 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll" file.
18/12/2008 0.29.11 1229556551 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll" file.
18/12/2008 0.29.11 1229556551 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll" file.
18/12/2008 0.29.12 1229556552 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll" file.
18/12/2008 0.29.13 1229556553 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll" file.
18/12/2008 0.29.14 1229556554 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll" file.
18/12/2008 0.29.14 1229556554 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll" file.
18/12/2008 0.29.15 1229556555 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll" file.
18/12/2008 0.29.16 1229556556 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll" file.
18/12/2008 0.29.17 1229556557 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll" file.
18/12/2008 0.29.17 1229556557 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll" file.
18/12/2008 0.29.18 1229556558 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll" file.
18/12/2008 0.29.19 1229556559 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll" file.
18/12/2008 0.29.20 1229556560 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll" file.
18/12/2008 0.29.20 1229556560 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll" file.
18/12/2008 0.29.21 1229556561 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll" file.
18/12/2008 0.29.21 1229556561 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll" file.
18/12/2008 0.29.22 1229556562 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll" file.
18/12/2008 0.29.22 1229556562 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System\1.0.5000.0__b77a5c561934e089\System.dll" file.
18/12/2008 0.29.27 1229556567 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\aceapctl.ocx" file.
18/12/2008 0.29.28 1229556568 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\acerctrl.ocx" file.
18/12/2008 0.29.28 1229556568 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\LunchApp.ocx" file.
18/12/2008 0.29.29 1229556569 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\scaxbtns.ocx" file.
18/12/2008 0.29.30 1229556570 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\scdiags.ocx" file.
18/12/2008 0.29.30 1229556570 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\scintro.ocx" file.
18/12/2008 0.29.31 1229556571 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\scmaint.ocx" file.
18/12/2008 0.29.31 1229556571 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\scsupt.ocx" file.
18/12/2008 0.29.34 1229556574 Mentis 380 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\vsocx32.ocx" file.
This is the one from gmer (here too, I think this is what I am supposed to post)
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-21 14:58:02
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
ZwClose [0xF23F1576]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
ZwCreateKey [0xF23F1432]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
ZwDeleteValueKey [0xF23F1910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
ZwDuplicateObject [0xF23F100A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
ZwOpenKey [0xF23F150C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
ZwOpenProcess [0xF23F0F4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
ZwOpenThread [0xF23F0FAE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
ZwQueryValueKey [0xF23F162C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
ZwRestoreKey [0xF23F15EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
ZwSetValueKey [0xF23F176C]
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\WINDOWS\system32\services.exe[604] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[604] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
---- Devices - GMER 1.0.14 ----
AttachedDevice \Driver\Tcpip \Device\Ip
aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0
SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1
SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp
aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp
aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp
aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat
fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat
aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cedff850
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cedff850
---- EOF - GMER 1.0.14 ----
Now I will wait for someone to explain what is wrong and what to do
![Thanks [thanks]](http://www.megalab.it/forum/images/smilies/Grazie.gif)