Removing webssearcher
Re: Removing webssearcher
1) start the program and click the SEARCH button;
2) when the scan finishes, click the DELETE button;
3) save the REPORT [Sx] produced after the deletion.
Download HITMANPRO.
1) run the software, click SETTINGS, and configure it as shown in the image:
2) confirm with OK and click NEXT to start the scan (an active connection is required);
3) save the REPORT it produces.
Download HIJACKTHIS PORTABLE.
1) right-click the icon and choose RUN AS ADMINISTRATOR;
2) click DO A SYSTEM SCAN AND SAVE A LOGFILE;
3) save the REPORT it produces.
Attach the three reports.
- crazy.cat
- Administrator
- Posts: 12479
- Joined: Wed May 01, 2013 4:02 pm
- Location: Noventa Padovana
Re: Removing webssearcher
Explorer was opening to a blank start page but was otherwise fine, and so was Firefox; Chrome, however, still had that address pointing to quone8 in its settings under "Open a specific page or set of pages". After deleting that as well, everything seems to be back to normal.
Re: Removing webssearcher
[Claudio] wrote: Download ADWCLEANER.
1) start the program and click the SEARCH button;
2) when the scan finishes, click the DELETE button;
3) save the REPORT [Sx] produced after the deletion.
Download HITMANPRO.
1) run the software, click SETTINGS, and configure it as shown in the image:
2) confirm with OK and click NEXT to start the scan (an active connection is required);
3) save the REPORT it produces.
Download HIJACKTHIS PORTABLE.
1) right-click the icon and choose RUN AS ADMINISTRATOR;
2) click DO A SYSTEM SCAN AND SAVE A LOGFILE;
3) save the REPORT it produces.
Attach the three reports.
Re: Removing webssearcher
santo_61 wrote: It still persists in Google Chrome, however.
Try following the instructions at
https://turbolab.it/167
Even though I had used snap.do, they shouldn't differ by much.
Re: Removing webssearcher
santo_61 wrote: I couldn't create the HitmanPro report.
Run HitmanPro again; in the main window click SETTINGS, choose HISTORY, open the LOG tab and retrieve the scan report.
santo_61 wrote: I'd like to attach the other two but I don't know how, and I found no guidance in the FAQ ......
Upload the REPORTS to WIKISEND and post the FORUMLINK offered for each one.
Re: Removing webssearcher
santo_61 wrote: All OK, I have the HitmanPro report, but I can't work out how to upload the three logs as attachments to this forum. Could you be clearer? Thanks!
Clearer than this??
[Claudio] wrote: Upload the REPORTS to WIKISEND and post the FORUMLINK offered for each one.
Let's see..... ..... upload the REPORTS to Wikisend ----->>> CLICK HERE ...... and post the FORUMLINK offered for each one.
Otherwise, copy and paste the report output here.
Re: Removing webssearcher
# AdwCleaner v3.023 - Report created 02/04/2014 at 18:28:45
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : SANTO - SANTO-C2E6631A4
# Running from : C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\adwcleaner-3-0-23-es-en-br-fr-de-win[1].exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\WINDOWS\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\jmdp
Folder Deleted : C:\WINDOWS\system32\WNLT
Folder Deleted : C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\SearchProtect
Folder Deleted : C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\fst_it_86
Folder Deleted : C:\Documents and Settings\SANTO\Dati applicazioni\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Documents and Settings\SANTO\Dati applicazioni\SupTab
Folder Deleted : C:\Documents and Settings\SANTO\Dati applicazioni\Systweak
Folder Deleted : C:\Documents and Settings\SANTO\Dati applicazioni\webssearches
Folder Deleted : C:\Documents and Settings\SANTO\Menu Avvio\Programmi\MyPC Backup
[!] Folder Deleted : C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
File Deleted : C:\WINDOWS\system32\dmwu.exe
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\Documents and Settings\SANTO\Desktop\MyPC Backup.lnk
File Deleted : C:\WINDOWS\Tasks\View Password Update.job
File Deleted : C:\WINDOWS\Tasks\View Password_wd.job
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DriverScanner]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [upfst_it_86.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKLM\Software\free_soft_to_day
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\supTab
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\webssearchesSoftware
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_it_86_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
-\\ Google Chrome v
[ File : C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\preferences ]
Deleted : suggest_url
Deleted : homepage
Deleted : search_url
*************************
AdwCleaner[R0].txt - [19273 octets] - [29/03/2014 21:30:31]
AdwCleaner[R1].txt - [11507 octets] - [02/04/2014 18:27:59]
AdwCleaner[S0].txt - [881 octets] - [02/04/2014 18:25:44]
AdwCleaner[S1].txt - [10750 octets] - [02/04/2014 18:28:45]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10811 octets] ##########
HitmanPro 3.7.9.216
http://www.hitmanpro.com
Computer name . . . . : SANTO-C2E6631A4
Windows . . . . . . . : 5.1.2.2600.X86/1
User name . . . . . . : SANTO-C2E6631A4\SANTO
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2014-04-02 18:38:03
Scan mode . . . . . . : Normal
Scan duration . . . . : 12m 32s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes
Threats . . . . . . . : 31
Traces . . . . . . . : 99
Objects scanned . . . : 402.205
Files scanned . . . . : 11.466
Remnants scanned . . : 46.561 files / 344.178 keys
Malware _____________________________________________________________________
C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\fst_it_2603-5eb5d219.exe -> Deleted
Size . . . . . . . : 3.271.504 bytes
Age . . . . . . . : 0.0 days (2014-04-02 18:14:29)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 5B0C0F8A5BA17417650040E03EBE9640561E11DF5A3C452A0F93149C8003DFCA
Product . . . . . : fst_it_86
Publisher . . . . : free_soft_to_day
Description . . . : fst_it_86 Setup
Version
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Adware.Agent.NYU
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Eorezo.ctl
Fuzzy . . . . . . : 106.0
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\n968\fst_it_2603-5eb5d219.exe
Forensic Cluster
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\logo-v3-footer[1].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\logo-v3-footer[1].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\logo-v3-footer[1].png
-50.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\stars[1].png
-50.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-50.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-50.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-50.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-50.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-45.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\AdwCleaner[1].exe
-45.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\AdwCleaner[1].exe
-45.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\AdwCleaner[1].exe
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\s968.exe
-34.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\1711-2321-4218-2044[1].txt
-34.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\app.min[1].css
-34.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\ender.min[1].js
-33.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\iconos[1].png
-33.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\box[1].jpg
-32.6s C:\Documents and Settings\SANTO\Cookies\santo@flv.hs1dmr[1].txt
-32.6s C:\Documents and Settings\SANTO\Cookies\santo@flv.hs1dmr[1].txt
-32.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\app.min[1].js
-31.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\0aa91cf10529d9960c7fdaf92a4fef69[1].txt
-31.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\clkL.min[1].js
-31.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\theme1_template8[1].css
-31.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\blank[3].gif
-31.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\Adpilot_IT_300X250_weight-loss-woman2_456709e1_fc[1].gif
-31.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\blank[1].gif
-30.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\SD_SpeedupmyPC_It[1].png
-30.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\addon[1].png
-30.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-30.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-30.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-30.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-30.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\fst_it_2603-5eb5d219.exe
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\fst_it_2603-5eb5d219.exe
6.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\hdplus_it_2803-edf307dc.exe
C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\hdplus_it_2803-edf307dc.exe -> Quarantined
Size . . . . . . . : 6.212.734 bytes
Age . . . . . . . : 0.0 days (2014-04-02 18:14:35)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 5993D423DF163BF80DF0369801F761FBEFD7BCC8A992F47AD1570AA6BBDB1E1D
Product . . . . . : Ohwwxuttyi
Publisher . . . . : Jrtpxvizmgiiro
Description . . . : Jqfdunkrruwjvw
Version . . . . . : 25.2.25.14
Copyright . . . . : Unxcf
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.ajsd
Fuzzy . . . . . . : 105.0
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\n968\hdplus_it_2803-edf307dc.exe
Forensic Cluster
C:\Programmi\Jotzey\JotzeyBHO.dll -> Quarantined
Size . . . . . . . : 249.624 bytes
Age . . . . . . . : 25.0 days (2014-03-08 18:53:02)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 488DABEE25EAD82AF77B04C290B868DEE807745EAF3BDAC207D2E43AF893C8D0
Product . . . . . : Jotzey
Publisher . . . . : Jotzey
Description . . . : Jotzey
Version . . . . . : 1.0.0.3
Copyright . . . . : (c) Jotzey. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.ahbx
Fuzzy . . . . . . : 91.0
Startup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63a20a19-b1e6-4355-ab4c-28553af40ca2}\
References
HKLM\SOFTWARE\Classes\CLSID\{63a20a19-b1e6-4355-ab4c-28553af40ca2}\
HKLM\SOFTWARE\Classes\TypeLib\{4e1ca9b1-c816-4b8a-bd4c-546fbc5008de}\
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63a20a19-b1e6-4355-ab4c-28553af40ca2}\
Forensic Cluster
-4.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP86\A0031799.lnk
-1.9s C:\Programmi\Jotzey\
0.0s C:\Programmi\Jotzey\JotzeyBHO.dll
1.9s C:\Programmi\Jotzey\updateJotzey.InstallState
4.6s C:\Programmi\Jotzey\Jotzey.ico
4.6s C:\Programmi\Jotzey\JotzeyUninstall.exe
C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034457.exe -> Quarantined
Size . . . . . . . : 3.234.256 bytes
Age . . . . . . . : 0.0 days (2014-04-02 18:28:47)
Entropy . . . . . : 6.6
SHA-256 . . . . . : F29CDDA5134C6EE624284E3A993D2821EC3BE8D9C34D1B918FAED90A4C1DFF8A
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Adware.Agent.NYU
Fuzzy . . . . . . : 101.0
Forensic Cluster
Suspicious files ____________________________________________________________
C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Size . . . . . . . : 6.427.008 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:33:53)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 230EBDC16D8E8EDC4421224450210159DEE2D5FC89AF8A21AA76308641AD0A07
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.15.1.4270
Copyright . . . . : Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-8.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\
-8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
-8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
-8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
-8.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
-8.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe
-0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe
C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Size . . . . . . . : 6.427.008 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:33:45)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 230EBDC16D8E8EDC4421224450210159DEE2D5FC89AF8A21AA76308641AD0A07
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.15.1.4270
Copyright . . . . : Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Forensic Cluster
-0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe
8.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\
8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe
C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Size . . . . . . . : 6.427.008 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:23:33)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 230EBDC16D8E8EDC4421224450210159DEE2D5FC89AF8A21AA76308641AD0A07
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.15.1.4270
Copyright . . . . : Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Forensic Cluster
-0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\
-0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe
C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Size . . . . . . . : 6.427.008 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:23:14)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 230EBDC16D8E8EDC4421224450210159DEE2D5FC89AF8A21AA76308641AD0A07
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.15.1.4270
Copyright . . . . : Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Forensic Cluster
-0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\
-0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
-0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe
C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033267.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:39:42)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033275.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:29:51)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033275.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033276.dll
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033281.dll
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033279.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033280.exe
0.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033282.exe
0.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033283.dll
0.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033277.exe
3.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033312.sys
C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033172.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 17:28:07)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
35.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033170.ini
36.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
36.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
37.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
37.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1202660629-1580436667-839522115-1003
40.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1202660629-1580436667-839522115-1003
41.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_.DEFAULT
41.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_MACHINE_SECURITY
42.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_MACHINE_SOFTWARE
C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033236.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:29:08)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-5.6s C:\Programmi\File comuni\Wise Installation Wizard\WISDB847E94446B49E0AC5DC5627EC8B0C0_4_15_1_4270.MSI
-4.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033245.msi
-4.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033251.mst
-4.0s C:\Programmi\File comuni\Wise Installation Wizard\WISDB847E94446B49E0AC5DC5627EC8B0C0_4_15_1_4270.MST
-0.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\6ab93b.mst
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033236.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033237.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033241.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033239.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033240.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033242.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033244.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033238.exe
C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCall.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:36:54)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
0.0s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCall.dll
0.0s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla.dll
0.1s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla2.dll
0.1s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla18.dll
0.1s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla19.dll
0.2s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla20.dll
0.2s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla21.exe
0.3s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla17.dll
10.6s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseData.ini
Malware remnants ____________________________________________________________
C:\Programmi\Jotzey\ (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\ (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\BrowserAdapterS.7z (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\FilterApp_C(2)(3).exe (Jotzey) -> Deleted
Size . . . . . . . : 238.872 bytes
Age . . . . . . . : 4.0 days (2014-03-29 17:45:20)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 6071433A04C9DD33CEAC0FC2306EB867F71A5B7C25537FDC7012576E94E5FA74
Product . . . . . : StLib
Publisher . . . . : StLib.com
Description . . . : StLibs
Version . . . . . : 1.1.1.0
Copyright . . . . : Copyright (C) StLib.com 2013
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -7.0
Forensic Cluster
-19.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032998.dll
-19.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032997.dll
-19.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032996.dll
-19.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032995.dll
-19.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032994.dll
-7.2s C:\WINDOWS\Temp\tmp4B.tmp
-7.2s C:\WINDOWS\Temp\tmp4C.tmp
-6.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031766.exe
-0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032993.sys
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033101.exe
0.0s C:\Programmi\Jotzey\bin\FilterApp_C(2)(3).exe
C:\Programmi\Jotzey\bin\FilterApp_C.exe (Jotzey) -> Deleted
Size . . . . . . . : 238.872 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:05:26)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 6071433A04C9DD33CEAC0FC2306EB867F71A5B7C25537FDC7012576E94E5FA74
Product . . . . . : StLib
Publisher . . . . : StLib.com
Description . . . : StLibs
Version . . . . . : 1.1.1.0
Copyright . . . . : Copyright (C) StLib.com 2013
RSA Key Size . . . : 2048
Parent Name . . . : C:\Programmi\Jotzey\bin\utilJotzey.exe
Authenticode . . . : Valid
Running processes : 3832
Fuzzy . . . . . . : -5.0
Forensic Cluster
-2.5s C:\Documents and Settings\SANTO\Cookies\santo@search.conduit[2].txt
-0.1s C:\WINDOWS\system32\drivers\tStLibG.sys
0.0s C:\Programmi\Jotzey\bin\FilterApp_C.exe
2.7s C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Microsoft\Internet Explorer\Recovery\Active\{7146F038-B9B7-11E3-8DB5-00508D7F8E11}.dat
C:\Programmi\Jotzey\bin\plugins\ (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll (Jotzey) -> Deleted
Size . . . . . . . : 79.640 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:51)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 2512BD177A2BD11DCD4659457DCB0D2BCAD17007AD136EB5ADC433410A3C9403
Description . . . :
Version . . . . . : 1.0.5196.21749
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -4.0
Forensic Cluster
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
4.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
4.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
4.5s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll (Jotzey) -> Deleted
Size . . . . . . . : 761.624 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:56)
Entropy . . . . . : 7.9
SHA-256 . . . . . : BDC175731F128A1A25FE14E198A763F0ABE80EEF2AC3D3CE9C950AD73DBAA7A8
Description . . . :
Version . . . . . : 1.0.5200.28738
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 4.0
Forensic Cluster
-4.5s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
-0.5s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
-0.3s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll (Jotzey) -> Deleted
Size . . . . . . . : 57.624 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:55)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 9CFBB1CA3C94EF2B27B5D90E2331E263AF5D5A2AF43B2EE4E4B9032028859875
Description . . . :
Version . . . . . : 1.0.5197.24595
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -4.0
Forensic Cluster
-4.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
0.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.5s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
C:\Programmi\Jotzey\bin\plugins\Jotzey.FFUpdate.dll (Jotzey) -> Deleted
Size . . . . . . . : 459.544 bytes
Age . . . . . . . : 24.9 days (2014-03-08 21:38:40)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 615313A706AD380551CA7AA357B2B4BDE4E7ED05039BED8242AC1775CEE04915
Description . . . :
Version . . . . . : 1.0.5182.28943
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 2.0
Forensic Cluster
-0.0s C:\Programmi\Jotzey\bin\plugins\
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.FFUpdate.dll
C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll (Jotzey) -> Deleted
Size . . . . . . . : 544.536 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:56)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 36F4C6774D2B5D7B07B29E53A0665352734D2D09939B7D167302BF848713F906
Description . . . :
Version . . . . . : 1.0.5197.30564
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 4.0
Forensic Cluster
-4.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
-0.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.3s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll (Jotzey) -> Deleted
Size . . . . . . . : 763.160 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:57)
Entropy . . . . . : 7.8
SHA-256 . . . . . : EBFD290E21F06AAFC0BF9A177CDB6083B6AB4B5246A8683609D573419A702A11
Description . . . :
Version . . . . . : 1.0.5200.29277
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 4.0
Forensic Cluster
-5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
-1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
-0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
-0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
-0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
C:\Programmi\Jotzey\bin\utilJotzey(2)(2).exe (Jotzey) -> Deleted
Size . . . . . . . : 348.440 bytes
Age . . . . . . . : 24.9 days (2014-03-08 21:08:31)
Entropy . . . . . : 6.1
SHA-256 . . . . . : DA2AC6E0215609D332A9903D09B4CA754F2A6CA57BB4567DCF46D393C56C97AA
Description . . . :
Version . . . . . : 1.0.5200.26592
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -6.0
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031701.exe
0.0s C:\Programmi\Jotzey\bin\utilJotzey.exe
0.0s C:\Programmi\Jotzey\bin\
0.0s C:\Programmi\Jotzey\bin\utilJotzey(2)(2).exe
1.8s C:\Programmi\Jotzey\bin\utilJotzey.InstallState
C:\Programmi\Jotzey\bin\utilJotzey.exe (Jotzey) -> Deleted
Size . . . . . . . : 350.488 bytes
Age . . . . . . . : 24.9 days (2014-03-08 21:08:31)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 20ABE0A7D3BB7A9299170295B46BFB75E7DA65DD3E7F1DDA82739D488674CB79
Description . . . :
Version . . . . . : 1.0.5204.19343
Copyright . . . . :
RSA Key Size . . . : 2048
Service . . . . . : Util Jotzey
Parent Name . . . : C:\WINDOWS\system32\services.exe
Authenticode . . . : Valid
Running processes : 3236
Fuzzy . . . . . . : -7.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Util Jotzey\
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031701.exe
0.0s C:\Programmi\Jotzey\bin\utilJotzey.exe
0.0s C:\Programmi\Jotzey\bin\
0.0s C:\Programmi\Jotzey\bin\utilJotzey(2)(2).exe
1.8s C:\Programmi\Jotzey\bin\utilJotzey.InstallState
C:\Programmi\Jotzey\bin\utilJotzey.InstallState (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\XTLS.dll (Jotzey) -> Deleted
Size . . . . . . . : 292.632 bytes
Age . . . . . . . : 4.3 days (2014-03-29 10:22:57)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 2BFD832640790855C4B34D31D3C5D5805644A0572A3820D82289A543A0A9864D
Product . . . . . : XVRNT
Publisher . . . . : TODO: <Company name>
Description . . . : TODO: <File description>
Version . . . . . : 2.0.0.6
Copyright . . . . : TODO: (c) <Company name>. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -2.0
Forensic Cluster
C:\Programmi\Jotzey\bin\XTLSApp.dll (Jotzey) -> Deleted
Size . . . . . . . : 179.480 bytes
Age . . . . . . . : 4.3 days (2014-03-29 10:22:57)
Entropy . . . . . : 6.6
SHA-256 . . . . . : BCB316D6EAF30D0247091389750C77155F799F65CC455FCBB3172B25B3D00525
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -1.0
Forensic Cluster
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\index.dat
0.9s C:\Documents and Settings\LocalService\Preferiti\
0.9s C:\Documents and Settings\LocalService\Preferiti\Desktop.ini
C:\Programmi\Jotzey\bin\XTLSApp.exe (Jotzey) -> Deleted
Size . . . . . . . : 78.616 bytes
Age . . . . . . . : 4.3 days (2014-03-29 10:22:57)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 2C6480B4340A561B535CC207C807C23A3D478C8B0B450BC5EE83D30481C3C923
RSA Key Size . . . : 2048
Parent Name . . . : C:\Programmi\Jotzey\bin\utilJotzey.exe
Authenticode . . . : Valid
Running processes : 404
Fuzzy . . . . . . : 1.0
Forensic Cluster
C:\Programmi\Jotzey\Jotzey.ico (Jotzey) -> Deleted
C:\Programmi\Jotzey\JotzeyUninstall.exe (Jotzey) -> Deleted
Size . . . . . . . : 240.929 bytes
Age . . . . . . . : 25.0 days (2014-03-08 18:53:07)
Entropy . . . . . : 7.9
SHA-256 . . . . . : B8575E1A622E5C11F8124E46427632A5CF841943FE8423CA55EB8DB7E3029F3D
Fuzzy . . . . . . : 8.0
Forensic Cluster
-8.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP86\A0031799.lnk
-6.5s C:\Programmi\Jotzey\
-4.6s C:\Programmi\Jotzey\JotzeyBHO.dll
-2.7s C:\Programmi\Jotzey\updateJotzey.InstallState
0.0s C:\Programmi\Jotzey\Jotzey.ico
0.0s C:\Programmi\Jotzey\JotzeyUninstall.exe
C:\Programmi\Jotzey\updateJotzey(2)(3).exe (Jotzey) -> Deleted
Size . . . . . . . : 348.440 bytes
Age . . . . . . . : 25.9 days (2014-03-07 21:30:38)
Entropy . . . . . : 6.1
SHA-256 . . . . . : DA2AC6E0215609D332A9903D09B4CA754F2A6CA57BB4567DCF46D393C56C97AA
Description . . . :
Version . . . . . : 1.0.5200.26592
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -6.0
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033100.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031552.exe
0.0s C:\Programmi\Jotzey\updateJotzey(2)(3).exe
0.0s C:\Programmi\Jotzey\updateJotzey.exe
C:\Programmi\Jotzey\updateJotzey.exe (Jotzey) -> Deleted
Size . . . . . . . : 348.440 bytes
Age . . . . . . . : 25.9 days (2014-03-07 21:30:38)
Entropy . . . . . : 6.1
SHA-256 . . . . . : DA2AC6E0215609D332A9903D09B4CA754F2A6CA57BB4567DCF46D393C56C97AA
Description . . . :
Version . . . . . : 1.0.5200.26592
Copyright . . . . :
RSA Key Size . . . : 2048
Service . . . . . : Update Jotzey
Parent Name . . . : C:\WINDOWS\system32\services.exe
Authenticode . . . : Valid
Running processes : 2352
Fuzzy . . . . . . : -7.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Update Jotzey\
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033100.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031552.exe
0.0s C:\Programmi\Jotzey\updateJotzey(2)(3).exe
0.0s C:\Programmi\Jotzey\updateJotzey.exe
C:\Programmi\Jotzey\updateJotzey.InstallState (Jotzey) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}\ (Jotzey) -> Deleted
HKLM\SOFTWARE\Jotzey\ (Jotzey) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jotzey\ (Jotzey) -> Deleted
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Jotzey\ (Jotzey) -> Deleted
Potential Unwanted Programs _________________________________________________
C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\newtabv3.crx (FTDownloader) -> Deleted
conduit.search
C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data
HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ (FTDownloader) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\ (FTDownloader) -> Deleted
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\IePluginService\ (FTDownloader) -> Deleted
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\Wpm\ (FTDownloader) -> Deleted
HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application\IePluginService\ (FTDownloader) -> Deleted
HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application\Wpm\ (FTDownloader) -> Deleted
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService\ (FTDownloader) -> PendingDelete
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm\ (FTDownloader) -> PendingDelete
Cookies _____________________________________________________________________
http://www.hitmanpro.com
Computer name . . . . : SANTO-C2E6631A4
Windows . . . . . . . : 5.1.2.2600.X86/1
User name . . . . . . : SANTO-C2E6631A4\SANTO
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2014-04-02 18:38:03
Scan mode . . . . . . : Normal
Scan duration . . . . : 12m 32s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes
Threats . . . . . . . : 31
Traces . . . . . . . : 99
Objects scanned . . . : 402.205
Files scanned . . . . : 11.466
Remnants scanned . . : 46.561 files / 344.178 keys
Malware _____________________________________________________________________
C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\fst_it_2603-5eb5d219.exe -> Deleted
Size . . . . . . . : 3.271.504 bytes
Age . . . . . . . : 0.0 days (2014-04-02 18:14:29)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 5B0C0F8A5BA17417650040E03EBE9640561E11DF5A3C452A0F93149C8003DFCA
Product . . . . . : fst_it_86
Publisher . . . . : free_soft_to_day
Description . . . : fst_it_86 Setup
Version
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Adware.Agent.NYU
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Eorezo.ctl
Fuzzy . . . . . . : 106.0
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\n968\fst_it_2603-5eb5d219.exe
Forensic Cluster
C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\hdplus_it_2803-edf307dc.exe -> Quarantined
Size . . . . . . . : 6.212.734 bytes
Age . . . . . . . : 0.0 days (2014-04-02 18:14:35)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 5993D423DF163BF80DF0369801F761FBEFD7BCC8A992F47AD1570AA6BBDB1E1D
Product . . . . . : Ohwwxuttyi
Publisher . . . . : Jrtpxvizmgiiro
Description . . . : Jqfdunkrruwjvw
Version . . . . . : 25.2.25.14
Copyright . . . . : Unxcf
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.ajsd
Fuzzy . . . . . . : 105.0
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\n968\hdplus_it_2803-edf307dc.exe
C:\Programmi\Jotzey\JotzeyBHO.dll -> Quarantined
Size . . . . . . . : 249.624 bytes
Age . . . . . . . : 25.0 days (2014-03-08 18:53:02)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 488DABEE25EAD82AF77B04C290B868DEE807745EAF3BDAC207D2E43AF893C8D0
Product . . . . . : Jotzey
Publisher . . . . : Jotzey
Description . . . : Jotzey
Version . . . . . : 1.0.0.3
Copyright . . . . : (c) Jotzey. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.ahbx
Fuzzy . . . . . . : 91.0
Startup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63a20a19-b1e6-4355-ab4c-28553af40ca2}\
References
HKLM\SOFTWARE\Classes\CLSID\{63a20a19-b1e6-4355-ab4c-28553af40ca2}\
HKLM\SOFTWARE\Classes\TypeLib\{4e1ca9b1-c816-4b8a-bd4c-546fbc5008de}\
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63a20a19-b1e6-4355-ab4c-28553af40ca2}\
Forensic Cluster
-4.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP86\A0031799.lnk
-1.9s C:\Programmi\Jotzey\
0.0s C:\Programmi\Jotzey\JotzeyBHO.dll
1.9s C:\Programmi\Jotzey\updateJotzey.InstallState
4.6s C:\Programmi\Jotzey\Jotzey.ico
4.6s C:\Programmi\Jotzey\JotzeyUninstall.exe
C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034457.exe -> Quarantined
Size . . . . . . . : 3.234.256 bytes
Age . . . . . . . : 0.0 days (2014-04-02 18:28:47)
Entropy . . . . . : 6.6
SHA-256 . . . . . : F29CDDA5134C6EE624284E3A993D2821EC3BE8D9C34D1B918FAED90A4C1DFF8A
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Adware.Agent.NYU
Fuzzy . . . . . . : 101.0
Suspicious files ____________________________________________________________
C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Size . . . . . . . : 6.427.008 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:33:53)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 230EBDC16D8E8EDC4421224450210159DEE2D5FC89AF8A21AA76308641AD0A07
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.15.1.4270
Copyright . . . . : Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Size . . . . . . . : 6.427.008 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:33:45)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 230EBDC16D8E8EDC4421224450210159DEE2D5FC89AF8A21AA76308641AD0A07
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.15.1.4270
Copyright . . . . : Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Size . . . . . . . : 6.427.008 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:23:33)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 230EBDC16D8E8EDC4421224450210159DEE2D5FC89AF8A21AA76308641AD0A07
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.15.1.4270
Copyright . . . . : Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Forensic Cluster
-0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\
-0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe
C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Size . . . . . . . : 6.427.008 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:23:14)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 230EBDC16D8E8EDC4421224450210159DEE2D5FC89AF8A21AA76308641AD0A07
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.15.1.4270
Copyright . . . . : Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Forensic Cluster
-0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\
-0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
-0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe
C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033267.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:39:42)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033275.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:29:51)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033275.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033276.dll
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033281.dll
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033279.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033280.exe
0.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033282.exe
0.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033283.dll
0.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033277.exe
3.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033312.sys
C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033172.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 17:28:07)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033236.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:29:08)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-5.6s C:\Programmi\File comuni\Wise Installation Wizard\WISDB847E94446B49E0AC5DC5627EC8B0C0_4_15_1_4270.MSI
-4.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033245.msi
-4.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033251.mst
-4.0s C:\Programmi\File comuni\Wise Installation Wizard\WISDB847E94446B49E0AC5DC5627EC8B0C0_4_15_1_4270.MST
-0.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\6ab93b.mst
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033236.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033237.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033241.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033239.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033240.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033242.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033244.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033238.exe
C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCall.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:36:54)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-4.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\
-4.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\rp.log
-4.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\
-4.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
-4.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
-4.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
-4.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
-4.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
-4.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1202660629-1580436667-839522115-1003
-4.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1202660629-1580436667-839522115-1003
-4.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_.DEFAULT
-3.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_MACHINE_SECURITY
-3.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_MACHINE_SOFTWARE
-2.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_MACHINE_SYSTEM
-2.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_MACHINE_SAM
-2.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\ComDb.Dat
-2.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\domain.txt
-2.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\drivetable.txt
-2.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\
-2.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\$WinMgmt.CFG
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\INDEX.BTR
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\INDEX.MAP
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\MAPPING.VER
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\MAPPING1.MAP
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\MAPPING2.MAP
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\OBJECTS.DATA
-1.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\OBJECTS.MAP
-1.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\RestorePointSize
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\change.log.1
0.0s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCall.dll
0.0s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla.dll
0.1s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla2.dll
0.1s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla18.dll
0.1s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla19.dll
0.2s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla20.dll
0.2s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla21.exe
0.3s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla17.dll
10.6s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseData.ini
11.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\
11.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\rp.log
11.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\
11.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
11.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
11.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
11.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
11.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
11.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1202660629-1580436667-839522115-1003
11.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1202660629-1580436667-839522115-1003
12.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_.DEFAULT
12.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_MACHINE_SECURITY
12.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_MACHINE_SOFTWARE
13.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_MACHINE_SYSTEM
13.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_MACHINE_SAM
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\ComDb.Dat
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\domain.txt
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\drivetable.txt
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\$WinMgmt.CFG
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\change.log.1
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\INDEX.BTR
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\INDEX.MAP
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\MAPPING.VER
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\MAPPING1.MAP
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\MAPPING2.MAP
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\OBJECTS.DATA
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\OBJECTS.MAP
14.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\RestorePointSize
Malware remnants ____________________________________________________________
C:\Programmi\Jotzey\ (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\ (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\BrowserAdapterS.7z (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\FilterApp_C(2)(3).exe (Jotzey) -> Deleted
Size . . . . . . . : 238.872 bytes
Age . . . . . . . : 4.0 days (2014-03-29 17:45:20)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 6071433A04C9DD33CEAC0FC2306EB867F71A5B7C25537FDC7012576E94E5FA74
Product . . . . . : StLib
Publisher . . . . : StLib.com
Description . . . : StLibs
Version . . . . . : 1.1.1.0
Copyright . . . . : Copyright (C) StLib.com 2013
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -7.0
Forensic Cluster
-19.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032998.dll
-19.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032997.dll
-19.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032996.dll
-19.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032995.dll
-19.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032994.dll
-7.2s C:\WINDOWS\Temp\tmp4B.tmp
-7.2s C:\WINDOWS\Temp\tmp4C.tmp
-6.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031766.exe
-0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032993.sys
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033101.exe
0.0s C:\Programmi\Jotzey\bin\FilterApp_C(2)(3).exe
C:\Programmi\Jotzey\bin\FilterApp_C.exe (Jotzey) -> Deleted
Size . . . . . . . : 238.872 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:05:26)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 6071433A04C9DD33CEAC0FC2306EB867F71A5B7C25537FDC7012576E94E5FA74
Product . . . . . : StLib
Publisher . . . . : StLib.com
Description . . . : StLibs
Version . . . . . : 1.1.1.0
Copyright . . . . : Copyright (C) StLib.com 2013
RSA Key Size . . . : 2048
Parent Name . . . : C:\Programmi\Jotzey\bin\utilJotzey.exe
Authenticode . . . : Valid
Running processes : 3832
Fuzzy . . . . . . : -5.0
Forensic Cluster
-2.5s C:\Documents and Settings\SANTO\Cookies\santo@search.conduit[2].txt
-0.1s C:\WINDOWS\system32\drivers\tStLibG.sys
0.0s C:\Programmi\Jotzey\bin\FilterApp_C.exe
2.7s C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Microsoft\Internet Explorer\Recovery\Active\{7146F038-B9B7-11E3-8DB5-00508D7F8E11}.dat
C:\Programmi\Jotzey\bin\plugins\ (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll (Jotzey) -> Deleted
Size . . . . . . . : 79.640 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:51)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 2512BD177A2BD11DCD4659457DCB0D2BCAD17007AD136EB5ADC433410A3C9403
Description . . . :
Version . . . . . : 1.0.5196.21749
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -4.0
Forensic Cluster
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
4.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
4.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
4.5s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll (Jotzey) -> Deleted
Size . . . . . . . : 761.624 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:56)
Entropy . . . . . : 7.9
SHA-256 . . . . . : BDC175731F128A1A25FE14E198A763F0ABE80EEF2AC3D3CE9C950AD73DBAA7A8
Description . . . :
Version . . . . . : 1.0.5200.28738
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 4.0
Forensic Cluster
-4.5s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
-0.5s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
-0.3s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll (Jotzey) -> Deleted
Size . . . . . . . : 57.624 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:55)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 9CFBB1CA3C94EF2B27B5D90E2331E263AF5D5A2AF43B2EE4E4B9032028859875
Description . . . :
Version . . . . . : 1.0.5197.24595
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -4.0
Forensic Cluster
-4.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
0.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.5s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
C:\Programmi\Jotzey\bin\plugins\Jotzey.FFUpdate.dll (Jotzey) -> Deleted
Size . . . . . . . : 459.544 bytes
Age . . . . . . . : 24.9 days (2014-03-08 21:38:40)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 615313A706AD380551CA7AA357B2B4BDE4E7ED05039BED8242AC1775CEE04915
Description . . . :
Version . . . . . : 1.0.5182.28943
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 2.0
Forensic Cluster
-0.0s C:\Programmi\Jotzey\bin\plugins\
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.FFUpdate.dll
C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll (Jotzey) -> Deleted
Size . . . . . . . : 544.536 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:56)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 36F4C6774D2B5D7B07B29E53A0665352734D2D09939B7D167302BF848713F906
Description . . . :
Version . . . . . : 1.0.5197.30564
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 4.0
Forensic Cluster
-4.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
-0.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.3s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll (Jotzey) -> Deleted
Size . . . . . . . : 763.160 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:57)
Entropy . . . . . : 7.8
SHA-256 . . . . . : EBFD290E21F06AAFC0BF9A177CDB6083B6AB4B5246A8683609D573419A702A11
Description . . . :
Version . . . . . : 1.0.5200.29277
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 4.0
Forensic Cluster
-5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
-1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
-0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
-0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
C:\Programmi\Jotzey\bin\utilJotzey(2)(2).exe (Jotzey) -> Deleted
Size . . . . . . . : 348.440 bytes
Age . . . . . . . : 24.9 days (2014-03-08 21:08:31)
Entropy . . . . . : 6.1
SHA-256 . . . . . : DA2AC6E0215609D332A9903D09B4CA754F2A6CA57BB4567DCF46D393C56C97AA
Description . . . :
Version . . . . . : 1.0.5200.26592
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -6.0
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031701.exe
0.0s C:\Programmi\Jotzey\bin\utilJotzey.exe
0.0s C:\Programmi\Jotzey\bin\
0.0s C:\Programmi\Jotzey\bin\utilJotzey(2)(2).exe
1.8s C:\Programmi\Jotzey\bin\utilJotzey.InstallState
C:\Programmi\Jotzey\bin\utilJotzey.exe (Jotzey) -> Deleted
Size . . . . . . . : 350.488 bytes
Age . . . . . . . : 24.9 days (2014-03-08 21:08:31)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 20ABE0A7D3BB7A9299170295B46BFB75E7DA65DD3E7F1DDA82739D488674CB79
Description . . . :
Version . . . . . : 1.0.5204.19343
Copyright . . . . :
RSA Key Size . . . : 2048
Service . . . . . : Util Jotzey
Parent Name . . . : C:\WINDOWS\system32\services.exe
Authenticode . . . : Valid
Running processes : 3236
Fuzzy . . . . . . : -7.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Util Jotzey\
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031701.exe
0.0s C:\Programmi\Jotzey\bin\utilJotzey.exe
0.0s C:\Programmi\Jotzey\bin\
0.0s C:\Programmi\Jotzey\bin\utilJotzey(2)(2).exe
1.8s C:\Programmi\Jotzey\bin\utilJotzey.InstallState
C:\Programmi\Jotzey\bin\utilJotzey.InstallState (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\XTLS.dll (Jotzey) -> Deleted
Size . . . . . . . : 292.632 bytes
Age . . . . . . . : 4.3 days (2014-03-29 10:22:57)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 2BFD832640790855C4B34D31D3C5D5805644A0572A3820D82289A543A0A9864D
Product . . . . . : XVRNT
Publisher . . . . : TODO: <Company name>
Description . . . : TODO: <File description>
Version . . . . . : 2.0.0.6
Copyright . . . . : TODO: (c) <Company name>. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -2.0
Forensic Cluster
-7.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031644.dll
-7.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031643.dll
-7.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031642.dll
-5.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031641.dll
-5.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031640.dll
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031639.sys
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033112.exe
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031699.exe
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033116.exe
-0.5s C:\Programmi\Jotzey\bin\BrowserAdapterS.7z
-0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031638.exe
-0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033075.exe
-0.5s C:\Programmi\Jotzey\bin\7za.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031912.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031913.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031914.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031935.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031767.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031768.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031769.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031576.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031577.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031578.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031588.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031589.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031590.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031600.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031601.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031602.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032001.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031613.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031614.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031615.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032374.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032027.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032002.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032003.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032028.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032012.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032013.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032014.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032029.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031936.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032375.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032549.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032550.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031937.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033212.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031983.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031984.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032376.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032552.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033214.dll
0.0s C:\Programmi\Jotzey\bin\XTLSApp.exe
0.0s C:\Programmi\Jotzey\bin\XTLS.dll
0.0s C:\Programmi\Jotzey\bin\XTLSApp.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033294.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033295.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033296.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034345.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034346.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034347.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033334.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033335.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033336.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034474.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034306.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034307.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034308.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034475.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034476.dll
0.3s C:\WINDOWS\Temp\Temporary Internet Files\
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\
0.4s C:\WINDOWS\Temp\Cookies\
0.4s C:\WINDOWS\Temp\Cookies\index.dat
0.4s C:\WINDOWS\Temp\History\
0.4s C:\WINDOWS\Temp\History\History.IE5\
0.4s C:\WINDOWS\Temp\History\History.IE5\index.dat
0.4s C:\WINDOWS\Temp\History\History.IE5\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B14VUB2B\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B14VUB2B\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Z1S1D1B\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Z1S1D1B\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KWEMJFQF\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KWEMJFQF\desktop.ini
0.8s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\xvrnt[1].srf
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\index.dat
0.9s C:\Documents and Settings\LocalService\Preferiti\
0.9s C:\Documents and Settings\LocalService\Preferiti\Desktop.ini
C:\Programmi\Jotzey\bin\XTLSApp.dll (Jotzey) -> Deleted
Size . . . . . . . : 179.480 bytes
Age . . . . . . . : 4.3 days (2014-03-29 10:22:57)
Entropy . . . . . : 6.6
SHA-256 . . . . . : BCB316D6EAF30D0247091389750C77155F799F65CC455FCBB3172B25B3D00525
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -1.0
C:\Programmi\Jotzey\bin\XTLSApp.exe (Jotzey) -> Deleted
Size . . . . . . . : 78.616 bytes
Age . . . . . . . : 4.3 days (2014-03-29 10:22:57)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 2C6480B4340A561B535CC207C807C23A3D478C8B0B450BC5EE83D30481C3C923
RSA Key Size . . . : 2048
Parent Name . . . : C:\Programmi\Jotzey\bin\utilJotzey.exe
Authenticode . . . : Valid
Running processes : 404
Fuzzy . . . . . . : 1.0
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032376.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032552.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032552.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033214.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033214.dll
0.0s C:\Programmi\Jotzey\bin\XTLSApp.exe
0.0s C:\Programmi\Jotzey\bin\XTLS.dll
0.0s C:\Programmi\Jotzey\bin\XTLSApp.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033294.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033295.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033296.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034345.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034346.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034347.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033334.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033335.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033336.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034474.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034306.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034307.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034308.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034475.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034476.dll
0.3s C:\WINDOWS\Temp\Temporary Internet Files\
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\
0.4s C:\WINDOWS\Temp\Cookies\
0.4s C:\WINDOWS\Temp\Cookies\index.dat
0.4s C:\WINDOWS\Temp\History\
0.4s C:\WINDOWS\Temp\History\History.IE5\
0.4s C:\WINDOWS\Temp\History\History.IE5\index.dat
0.4s C:\WINDOWS\Temp\History\History.IE5\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B14VUB2B\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B14VUB2B\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Z1S1D1B\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Z1S1D1B\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KWEMJFQF\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KWEMJFQF\desktop.ini
0.8s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\xvrnt[1].srf
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\index.dat
0.9s C:\Documents and Settings\LocalService\Preferiti\
0.9s C:\Documents and Settings\LocalService\Preferiti\Desktop.ini
C:\Programmi\Jotzey\Jotzey.ico (Jotzey) -> Deleted
C:\Programmi\Jotzey\JotzeyUninstall.exe (Jotzey) -> Deleted
Size . . . . . . . : 240.929 bytes
Age . . . . . . . : 25.0 days (2014-03-08 18:53:07)
Entropy . . . . . : 7.9
SHA-256 . . . . . : B8575E1A622E5C11F8124E46427632A5CF841943FE8423CA55EB8DB7E3029F3D
Fuzzy . . . . . . : 8.0
Forensic Cluster
-8.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP86\A0031799.lnk
-6.5s C:\Programmi\Jotzey\
-4.6s C:\Programmi\Jotzey\JotzeyBHO.dll
-2.7s C:\Programmi\Jotzey\updateJotzey.InstallState
0.0s C:\Programmi\Jotzey\Jotzey.ico
0.0s C:\Programmi\Jotzey\JotzeyUninstall.exe
C:\Programmi\Jotzey\updateJotzey(2)(3).exe (Jotzey) -> Deleted
Size . . . . . . . : 348.440 bytes
Age . . . . . . . : 25.9 days (2014-03-07 21:30:38)
Entropy . . . . . : 6.1
SHA-256 . . . . . : DA2AC6E0215609D332A9903D09B4CA754F2A6CA57BB4567DCF46D393C56C97AA
Description . . . :
Version . . . . . : 1.0.5200.26592
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -6.0
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033100.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031552.exe
0.0s C:\Programmi\Jotzey\updateJotzey(2)(3).exe
0.0s C:\Programmi\Jotzey\updateJotzey.exe
C:\Programmi\Jotzey\updateJotzey.exe (Jotzey) -> Deleted
Size . . . . . . . : 348.440 bytes
Age . . . . . . . : 25.9 days (2014-03-07 21:30:38)
Entropy . . . . . : 6.1
SHA-256 . . . . . : DA2AC6E0215609D332A9903D09B4CA754F2A6CA57BB4567DCF46D393C56C97AA
Description . . . :
Version . . . . . : 1.0.5200.26592
Copyright . . . . :
RSA Key Size . . . : 2048
Service . . . . . : Update Jotzey
Parent Name . . . : C:\WINDOWS\system32\services.exe
Authenticode . . . : Valid
Running processes : 2352
Fuzzy . . . . . . : -7.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Update Jotzey\
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033100.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031552.exe
0.0s C:\Programmi\Jotzey\updateJotzey(2)(3).exe
0.0s C:\Programmi\Jotzey\updateJotzey.exe
C:\Programmi\Jotzey\updateJotzey.InstallState (Jotzey) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}\ (Jotzey) -> Deleted
HKLM\SOFTWARE\Jotzey\ (Jotzey) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jotzey\ (Jotzey) -> Deleted
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Jotzey\ (Jotzey) -> Deleted
Potential Unwanted Programs _________________________________________________
C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\newtabv3.crx (FTDownloader) -> Deleted
conduit.search
C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data
HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ (FTDownloader) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\ (FTDownloader) -> Deleted
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\IePluginService\ (FTDownloader) -> Deleted
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\Wpm\ (FTDownloader) -> Deleted
HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application\IePluginService\ (FTDownloader) -> Deleted
HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application\Wpm\ (FTDownloader) -> Deleted
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService\ (FTDownloader) -> PendingDelete
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm\ (FTDownloader) -> PendingDelete
Cookies _____________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19.00.28, on 02/04/2014
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
CHROME: 33.0.1750.154
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVG\AVG2014\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\AVG\AVG2014\avgnsx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Real\RealPlayer\update\realsched.exe
C:\Programmi\AVG\AVG2014\avgui.exe
C:\Programmi\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Programmi\Lexmark 2200 Series\lxbvbmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqbam08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Programmi\RealNetworks\RealDownloader\recordingmanager.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\HijackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_UI] "C:\Programmi\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Smart File Advisor] "C:\Programmi\Smart File Advisor\sfa.exe" /checkassoc
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E57BE96D-C2EB-4836-BF77-40941C89AE43}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7981 bytes
Edited by Uomo Senza Sonno: next time let's use the Spoiler tag when inserting logs, to make the posts easier to read. Thank you for your cooperation.
[Claudio] wrote:
santo_61 wrote: All OK, I have the HitmanPro report, but I can't figure out how to upload the three logs as attachments to this forum. Could you be clearer? Thanks!
Clearer than this??
[Claudio] wrote: Upload the REPORTS to WIKISEND and post the FORUMLINK offered for each one.
let's see..... ..... upload the REPORTS to Wikisend ----->>> CLICK HERE ...... and post the FORUMLINK offered for each one.
Otherwise, copy and paste the contents of the report here.
Last edited by Al3x on Mon Apr 07, 2014 7:32 am, edited 3 times in total.
Reason: Spoiler tag inserted
Re: remove webssearcher
*** Edited by The Doctor: certain remarks are better made via PM
Re: remove webssearcher
HitmanPro_20140405_1209.log
[Claudio] wrote: Run the HitmanPro scan again; when the scan finishes, attach the new Report (I want to be sure it is clean).
*** Edited by The Doctor: certain remarks are better made via PM
Re: remove webssearcher
santo_61 wrote: Done.
Let's clarify a few things before continuing (because it is necessary to understand whether you WANT to solve the problem, or to waste time on pointless scans):
Point 1: if, when you run the scan, you do not DELETE everything that is detected, we will never get out of this (all that stuff MUST GO);
Point 2: I asked you why the system has not been updated to SP3; considering that I am offering you help, a simple answer to the question would be appreciated (because that problem MUST be solved, and takes priority over everything else).
YOU decide what you intend to do
Re: remove webssearcher
A) Disable SYSTEM RESTORE (follow the instructions):
1) Instructions for: WINDOWS XP;
2) Restart the computer and, following the instructions, RE-ENABLE the SYSTEM RESTORE function;
B) Download: COMBOFIX.
1) DISCONNECT the computer from the network;
2) start COMBOFIX;
3) IGNORE (that is, continue past) any messages about the presence of the antivirus;
4) during the scan DO NOT PERFORM any operations on the computer;
5) Once the scan is complete, save the REPORT produced and attach it.
Re: remove webssearcher
The main problem is that the version of HitmanPro I downloaded does not let me delete anything, only save the log! I will get back to you as soon as I manage it. Bye.
[Claudio] wrote: Let's do it this way, and see if we can get out of this:
A) Disable SYSTEM RESTORE (follow the instructions):
1) Instructions for: WINDOWS XP;
2) Restart the computer and, following the instructions, RE-ENABLE the SYSTEM RESTORE function;
B) Download: COMBOFIX.
1) DISCONNECT the computer from the network;
2) start COMBOFIX;
3) IGNORE (that is, continue past) any messages about the presence of the antivirus;
4) during the scan DO NOT PERFORM any operations on the computer;
5) Once the scan is complete, save the REPORT produced and attach it.
Re: remove webssearcher
santo_61 wrote: The main problem is that the version of HitmanPro I downloaded does not let me delete anything, only save the log! I will get back to you as soon as I manage it.
Evidently there is a communication problem between us: the main problem is not the scans (we will look at those later) .... the main problem has become this:
santo_61 wrote: ..... but I had not noticed the question (why I have not updated to SP3) ......
I repeat the question: WHY IS THE OPERATING SYSTEM NOT UPDATED?
Re: remove webssearcher
Re: remove webssearcher
santo_61 wrote: I did not update because I was afraid; I have heard that updates sometimes cause problems ......
I see no reason for that; with next Tuesday's updates, support for Windows XP will be "ended" (that is, no more security updates will be released for XP), with all the consequences that entails.
So get to work (we will solve the malware problem afterwards): download ALL the updates offered by Windows Update (including the optional ones).
I expect it will take you quite a while; when you have finished the job, attach a new HijackThis Report.
- crazy.cat
- Administrator
- Posts: 12479
- Joined: Wed May 01, 2013 4:02 pm
- Location: Noventa Padovana
- Contact:
Re: remove webssearcher
What is still left of websearcher?
Re: remove webssearcher
crazy.cat wrote: What is still left of websearcher?
I would say little or nothing ..... but there is a lot of other stuff.
- Al3x
- Administrator
- Posts: 4542
- Joined: Wed May 01, 2013 12:59 pm
- Location: http://127.0.0.1
Re: remove webssearcher
crazy.cat wrote: As for the updates, we can discuss them in a separate thread if need be.
What is still left of websearcher?
Re: remove webssearcher
Al3x wrote: is it called webSSearcher or webSearcher?
- Al3x
- Administrator
- Posts: 4542
- Joined: Wed May 01, 2013 12:59 pm
- Location: http://127.0.0.1
Re: remove webssearcher
- crazy.cat
- Administrator
- Posts: 12479
- Joined: Wed May 01, 2013 4:02 pm
- Location: Noventa Padovana
- Contact:
Re: remove webssearcher
santo_61 wrote: It has disappeared in I.E. but persists in Google Chrome...
Had you tried?
viewtopic.php?p=20301#p20301