eliminare webssearcher

Se Windows genera un errore, hai un problema di virus o vuoi discutere/segnalare l'uscita della nuova versione di un software per la piattaforma Microsoft, questa è la sezione giusta.
Regole del forum
Rispondi
Avatar utente
santo_61
Livello: Scheda perforata (1/15)
Livello: Scheda perforata (1/15)
Messaggi: 9
Iscritto il: dom mar 30, 2014 9:30 am

eliminare webssearcher

Messaggio da santo_61 »

Come eleiminare webssearcher? Tutte le soluzioni trovate tramite Google si sono rivelate inefficaci. Esiste uno spyware free in grado di riuscirci? Ho provato la free di spyhunter, ma per la rimozione pretende l'acquisto, e a me non va di dare la mia carta di credito su Internet. Grazie.

System
System
Bot ufficiale TurboLab.it
Bot
Messaggi:
Iscritto il: sab dic 31, 2016 6:19 pm
Contatta: Contatta

Re: eliminare webssearcher

Messaggio da System » mar apr 01, 2014 5:15 pm


[Claudio]

Re: eliminare webssearcher

Messaggio da [Claudio] »

Scarica ADWCLEANER.
1) avvia il programma e clicca sul tasto SEARCH;
2) al termine della scansione, clicca sul tasto ELIMINA;
3) salva il REPORT [Sx] rilasciato dopo l’eliminazione.

Scarica HITMANPRO.
1) esegui il software, clicca su IMPOSTAZIONI, e imposta come da immagine:

Immagine

2) conferma con OK e clicca su AVANTI per avviare la scansione (è richiesta la connessione attiva);
3) salva il REPORT rilasciato.

Scarica HIJACKTHIS PORTABLE.
1) tasto destro del mouse sull’icona e scegli ESEGUI COME AMMINISTRATORE;
2) clicca su DO A SYSTEM SCAN AND SAVE A LOGFILE;
3) salva il REPORT rilasciato.

Allega i tre report.

Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 8848
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: eliminare webssearcher

Messaggio da crazy.cat »

Oltre ai pulitori già consigliati, guarda nella lista delle applicazioni installate, dovresti trovarlo li (e può essere che non si la sola applicazione strana che ci trovi).
La storia si è fermata. Nulla esiste tranne il presente senza fine in cui il Partito ha sempre ragione.

Avatar utente
skizzzzo
Livello: microSD (7/15)
Livello: microSD (7/15)
Messaggi: 352
Iscritto il: gio mag 02, 2013 10:27 am

Re: eliminare webssearcher

Messaggio da skizzzzo »

Mi è capitato di dover eliminare quone8 che è anche questo un browser hijacker e ho prima cercato tra le applicazioni installate e l'ho trovato, per disinstallarlo ho usato iobituninstaller che mi ha anche eliminato un paio di chiavi trovate con la scansione approfondita, poi ho seguito la vostra guida http://turbolab.it/8 dalla A alla F e infine ho controllato tutti i browser.
Explorer si apriva in una pagina iniziale bianca ma per il resto era a posto, Firefox anche, Chrome invece nelle impostazioni sotto la voce "Apri una pagina specifica o un insieme di pagine" ancora aveva quell'indirizzo che rimanda a quone8, eliminato anche questo sembra che sia tutto tornato a posto.
Ubuntu 14.04 LTS / Windows 10 Pro Technical Preview Build 9926

Avatar utente
santo_61
Livello: Scheda perforata (1/15)
Livello: Scheda perforata (1/15)
Messaggi: 9
Iscritto il: dom mar 30, 2014 9:30 am

Re: eliminare webssearcher

Messaggio da santo_61 »

Grazie mille: problema risolto già con HitmanPro, ma solo su I.E.. Persiste invece su GoogleChrome. Non sono riuscito a creare il report di HitmanPro. Vorrei allegare gli altri due ma non so come fare e sulle FAQ non ho trovato indicazioni... Grazie.
[Claudio] ha scritto:Scarica ADWCLEANER.
1) avvia il programma e clicca sul tasto SEARCH;
2) al termine della scansione, clicca sul tasto ELIMINA;
3) salva il REPORT [Sx] rilasciato dopo l’eliminazione.

Scarica HITMANPRO.
1) esegui il software, clicca su IMPOSTAZIONI, e imposta come da immagine:

Immagine

2) conferma con OK e clicca su AVANTI per avviare la scansione (è richiesta la connessione attiva);
3) salva il REPORT rilasciato.

Scarica HIJACKTHIS PORTABLE.
1) tasto destro del mouse sull’icona e scegli ESEGUI COME AMMINISTRATORE;
2) clicca su DO A SYSTEM SCAN AND SAVE A LOGFILE;
3) salva il REPORT rilasciato.

Allega i tre report.

Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 8848
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: eliminare webssearcher

Messaggio da crazy.cat »

santo_61 ha scritto:Persiste invece su GoogleChrome.
Prova a seguire le indicazioni
https://turbolab.it/167
Anche se avevo usato snap.do non dovrebbero poi cambiare di molto.
La storia si è fermata. Nulla esiste tranne il presente senza fine in cui il Partito ha sempre ragione.

[Claudio]

Re: eliminare webssearcher

Messaggio da [Claudio] »

santo_61 ha scritto:Non sono riuscito a creare il report di HitmanPro.
Riesegui HitmanPro, nella maschera principale clicca su IMPOSTAZIONI - scegli CRONOLOGIA - apri il tab LOG e recupera il report della scansione.
Vorrei allegare gli altri due ma non so come fare e sulle FAQ non ho trovato indicazioni ......
Carica i REPORT su WIKISEND e pubblica il FORUMLINK proposto per ognuno.

Avatar utente
santo_61
Livello: Scheda perforata (1/15)
Livello: Scheda perforata (1/15)
Messaggi: 9
Iscritto il: dom mar 30, 2014 9:30 am

Re: eliminare webssearcher

Messaggio da santo_61 »

Tutto ok, ho il report di HitmanPro, ma non riesco a capire come caricare in allegato a questo forum i tre log. Potresti essere più chiaro? Grazie! :)
[Claudio] ha scritto:
santo_61 ha scritto:Non sono riuscito a creare il report di HitmanPro.
Riesegui HitmanPro, nella maschera principale clicca su IMPOSTAZIONI - scegli CRONOLOGIA - apri il tab LOG e recupera il report della scansione.
Vorrei allegare gli altri due ma non so come fare e sulle FAQ non ho trovato indicazioni ......
Carica i REPORT su WIKISEND e pubblica il FORUMLINK proposto per ognuno.

[Claudio]

Re: eliminare webssearcher

Messaggio da [Claudio] »

santo_61 ha scritto:Tutto ok, ho il report di HitmanPro, ma non riesco a capire come caricare in allegato a questo forum i tre log. Potresti essere più chiaro? Grazie! :)
Più chiaro di cosi?? :s
[Claudio] ha scritto:Carica i REPORT su WIKISEND e pubblica il FORUMLINK proposto per ognuno.
vediamo..... :bisbiglio ..... carica i REPORT su Wikisend ----->>> CLICCA QUI ...... e pubblica il FORUMLINK proposto per ognuno.

Altrimenti, copia ed incolla qui il risultato del report.

Avatar utente
santo_61
Livello: Scheda perforata (1/15)
Livello: Scheda perforata (1/15)
Messaggi: 9
Iscritto il: dom mar 30, 2014 9:30 am

Re: eliminare webssearcher

Messaggio da santo_61 »

Scusa, opto per il copia-incolla...
# AdwCleaner v3.023 - Report created 02/04/2014 at 18:28:45
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : SANTO - SANTO-C2E6631A4
# Running from : C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\adwcleaner-3-0-23-es-en-br-fr-de-win[1].exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\WINDOWS\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\jmdp
Folder Deleted : C:\WINDOWS\system32\WNLT
Folder Deleted : C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\SearchProtect
Folder Deleted : C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\fst_it_86
Folder Deleted : C:\Documents and Settings\SANTO\Dati applicazioni\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Documents and Settings\SANTO\Dati applicazioni\SupTab
Folder Deleted : C:\Documents and Settings\SANTO\Dati applicazioni\Systweak
Folder Deleted : C:\Documents and Settings\SANTO\Dati applicazioni\webssearches
Folder Deleted : C:\Documents and Settings\SANTO\Menu Avvio\Programmi\MyPC Backup
[!] Folder Deleted : C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
File Deleted : C:\WINDOWS\system32\dmwu.exe
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\Documents and Settings\SANTO\Desktop\MyPC Backup.lnk
File Deleted : C:\WINDOWS\Tasks\View Password Update.job
File Deleted : C:\WINDOWS\Tasks\View Password_wd.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DriverScanner]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [upfst_it_86.exe]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{828DC97A-2277-4E10-92A9-4907FA0922A9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{828DC97A-2277-4E10-92A9-4907FA0922A9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKLM\Software\free_soft_to_day
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\supTab
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\webssearchesSoftware
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_it_86_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\547B38670606DF14AA57B0BB83F3AE4D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Key Deleted : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Key Deleted : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Google Chrome v

[ File : C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\preferences ]

Deleted : suggest_url
Deleted : homepage
Deleted : search_url

*************************

AdwCleaner[R0].txt - [19273 octets] - [29/03/2014 21:30:31]
AdwCleaner[R1].txt - [11507 octets] - [02/04/2014 18:27:59]
AdwCleaner[S0].txt - [881 octets] - [02/04/2014 18:25:44]
AdwCleaner[S1].txt - [10750 octets] - [02/04/2014 18:28:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10811 octets] ##########
HitmanPro 3.7.9.216
http://www.hitmanpro.com

Computer name . . . . : SANTO-C2E6631A4
Windows . . . . . . . : 5.1.2.2600.X86/1
User name . . . . . . : SANTO-C2E6631A4\SANTO
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2014-04-02 18:38:03
Scan mode . . . . . . : Normal
Scan duration . . . . : 12m 32s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes

Threats . . . . . . . : 31
Traces . . . . . . . : 99

Objects scanned . . . : 402.205
Files scanned . . . . : 11.466
Remnants scanned . . : 46.561 files / 344.178 keys

Malware _____________________________________________________________________

C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\fst_it_2603-5eb5d219.exe -> Deleted
Size . . . . . . . : 3.271.504 bytes
Age . . . . . . . : 0.0 days (2014-04-02 18:14:29)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 5B0C0F8A5BA17417650040E03EBE9640561E11DF5A3C452A0F93149C8003DFCA
Product . . . . . : fst_it_86
Publisher . . . . : free_soft_to_day
Description . . . : fst_it_86 Setup
Version
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Adware.Agent.NYU
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Eorezo.ctl
Fuzzy . . . . . . : 106.0
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\n968\fst_it_2603-5eb5d219.exe
Forensic Cluster
-84.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\MaxtorX6L200M0_L41VTN7G[1].htm
-83.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-83.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-83.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-83.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-83.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-82.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\gsd[4].html
-80.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\gsd[1].htm
-80.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\BannerServer[2]
-79.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\setImpData[1].html
-79.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\setImpData[1].html
-79.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\slider_anchored_300x250_284[2].htm
-78.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\impressions[1].gif
-78.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\creatives[1].gif
-78.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\a_usersync[1]
-77.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\ca[2].htm
-77.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\creative[3].jsonp
-77.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\u[1].gif
-77.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\setImpData[2].html
-76.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\i[1].txt
-76.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\i[1].txt
-76.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\setData[1].html
-76.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\a_usersync[1]
-76.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\setUserData[2].js
-76.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\t[1]
-70.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\search[1]
-70.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\sf_allenby[1].js
-70.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\search[1]
-70.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\plugin_w[2].htm
-69.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\search[1]
-65.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\search[1].htm
-63.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\Dock[1].swf
-62.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\applistall.min[1].js
-62.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\applistall.min[1].js
-62.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\Sprite[1].png
-61.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\rizzo[1].ashx
-61.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\rizzo[1].ashx
-53.3s C:\Documents and Settings\SANTO\Cookies\santo@www.googleadservices[4].txt
-52.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\adwcleaner[2].htm
-52.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\css[1].css
-52.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\min[1].css
-52.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\dc[1].js
-51.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\grad[1].jpg
-51.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\7U2WVQLzYo7fqCE9hsW0CA[1].eot
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\toolbar-screen[1].jpg
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\80147-eb401ac1ac57c20ba328f1d7c6817fe8m[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\download-arrow[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\logo-v3-footer[1].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\logo-v3-footer[1].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\logo-v3-footer[1].png
-50.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\stars[1].png
-50.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-50.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-50.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-50.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-50.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-45.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\AdwCleaner[1].exe
-45.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\AdwCleaner[1].exe
-45.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\AdwCleaner[1].exe
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\s968.exe
-34.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\1711-2321-4218-2044[1].txt
-34.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\app.min[1].css
-34.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\ender.min[1].js
-33.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\iconos[1].png
-33.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\box[1].jpg
-32.6s C:\Documents and Settings\SANTO\Cookies\santo@flv.hs1dmr[1].txt
-32.6s C:\Documents and Settings\SANTO\Cookies\santo@flv.hs1dmr[1].txt
-32.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\app.min[1].js
-31.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\0aa91cf10529d9960c7fdaf92a4fef69[1].txt
-31.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\clkL.min[1].js
-31.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\theme1_template8[1].css
-31.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\blank[3].gif
-31.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\Adpilot_IT_300X250_weight-loss-woman2_456709e1_fc[1].gif
-31.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\blank[1].gif
-30.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\SD_SpeedupmyPC_It[1].png
-30.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\addon[1].png
-30.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-30.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-30.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-30.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-30.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\fst_it_2603-5eb5d219.exe
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\fst_it_2603-5eb5d219.exe
6.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\hdplus_it_2803-edf307dc.exe

C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\hdplus_it_2803-edf307dc.exe -> Quarantined
Size . . . . . . . : 6.212.734 bytes
Age . . . . . . . : 0.0 days (2014-04-02 18:14:35)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 5993D423DF163BF80DF0369801F761FBEFD7BCC8A992F47AD1570AA6BBDB1E1D
Product . . . . . : Ohwwxuttyi
Publisher . . . . : Jrtpxvizmgiiro
Description . . . : Jqfdunkrruwjvw
Version . . . . . : 25.2.25.14
Copyright . . . . : Unxcf
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.ajsd
Fuzzy . . . . . . : 105.0
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\n968\hdplus_it_2803-edf307dc.exe
Forensic Cluster
-90.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\MaxtorX6L200M0_L41VTN7G[1].htm
-89.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-89.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-89.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-89.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-89.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-88.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\gsd[4].html
-87.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\gsd[1].htm
-86.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\BannerServer[2]
-86.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\setImpData[1].html
-86.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\setImpData[1].html
-85.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\slider_anchored_300x250_284[2].htm
-85.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\impressions[1].gif
-85.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\creatives[1].gif
-84.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\a_usersync[1]
-84.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\ca[2].htm
-83.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\creative[3].jsonp
-83.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\u[1].gif
-83.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\setImpData[2].html
-83.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\i[1].txt
-83.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\i[1].txt
-83.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\setData[1].html
-83.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\a_usersync[1]
-83.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\setUserData[2].js
-82.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\t[1]
-77.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\search[1]
-77.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\sf_allenby[1].js
-77.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\search[1]
-76.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\plugin_w[2].htm
-76.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\search[1]
-71.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\search[1].htm
-69.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\Dock[1].swf
-69.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\applistall.min[1].js
-69.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\applistall.min[1].js
-68.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\Sprite[1].png
-67.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\rizzo[1].ashx
-67.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\rizzo[1].ashx
-59.7s C:\Documents and Settings\SANTO\Cookies\santo@www.googleadservices[4].txt
-59.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\adwcleaner[2].htm
-58.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\css[1].css
-58.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\min[1].css
-58.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\dc[1].js
-58.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\grad[1].jpg
-58.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\7U2WVQLzYo7fqCE9hsW0CA[1].eot
-57.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\toolbar-screen[1].jpg
-57.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\80147-eb401ac1ac57c20ba328f1d7c6817fe8m[1].png
-57.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\download-arrow[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\logo-v3-footer[1].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\logo-v3-footer[1].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\logo-v3-footer[1].png
-57.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\stars[1].png
-56.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-56.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-56.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-56.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-56.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-52.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\AdwCleaner[1].exe
-52.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\AdwCleaner[1].exe
-52.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\AdwCleaner[1].exe
-45.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-45.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-45.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-45.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-45.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-45.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\s968.exe
-41.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\1711-2321-4218-2044[1].txt
-40.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\app.min[1].css
-40.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\ender.min[1].js
-40.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\iconos[1].png
-40.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\box[1].jpg
-39.0s C:\Documents and Settings\SANTO\Cookies\santo@flv.hs1dmr[1].txt
-39.0s C:\Documents and Settings\SANTO\Cookies\santo@flv.hs1dmr[1].txt
-38.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\app.min[1].js
-38.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\0aa91cf10529d9960c7fdaf92a4fef69[1].txt
-38.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\clkL.min[1].js
-37.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\theme1_template8[1].css
-37.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\blank[3].gif
-37.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\Adpilot_IT_300X250_weight-loss-woman2_456709e1_fc[1].gif
-37.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\blank[1].gif
-37.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\SD_SpeedupmyPC_It[1].png
-37.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\addon[1].png
-36.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-36.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-36.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-36.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-36.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-6.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\fst_it_2603-5eb5d219.exe
-6.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\fst_it_2603-5eb5d219.exe
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\hdplus_it_2803-edf307dc.exe

C:\Programmi\Jotzey\JotzeyBHO.dll -> Quarantined
Size . . . . . . . : 249.624 bytes
Age . . . . . . . : 25.0 days (2014-03-08 18:53:02)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 488DABEE25EAD82AF77B04C290B868DEE807745EAF3BDAC207D2E43AF893C8D0
Product . . . . . : Jotzey
Publisher . . . . : Jotzey
Description . . . : Jotzey
Version . . . . . : 1.0.0.3
Copyright . . . . : (c) Jotzey. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.ahbx
Fuzzy . . . . . . : 91.0
Startup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63a20a19-b1e6-4355-ab4c-28553af40ca2}\
References
HKLM\SOFTWARE\Classes\CLSID\{63a20a19-b1e6-4355-ab4c-28553af40ca2}\
HKLM\SOFTWARE\Classes\TypeLib\{4e1ca9b1-c816-4b8a-bd4c-546fbc5008de}\
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63a20a19-b1e6-4355-ab4c-28553af40ca2}\
Forensic Cluster
-4.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP86\A0031799.lnk
-1.9s C:\Programmi\Jotzey\
0.0s C:\Programmi\Jotzey\JotzeyBHO.dll
1.9s C:\Programmi\Jotzey\updateJotzey.InstallState
4.6s C:\Programmi\Jotzey\Jotzey.ico
4.6s C:\Programmi\Jotzey\JotzeyUninstall.exe

C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034457.exe -> Quarantined
Size . . . . . . . : 3.234.256 bytes
Age . . . . . . . : 0.0 days (2014-04-02 18:28:47)
Entropy . . . . . : 6.6
SHA-256 . . . . . : F29CDDA5134C6EE624284E3A993D2821EC3BE8D9C34D1B918FAED90A4C1DFF8A
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Adware.Agent.NYU
Fuzzy . . . . . . : 101.0
Forensic Cluster
-2.6s C:\AdwCleaner\AdwCleaner[S1].txt
-2.2s C:\AdwCleaner\Quarantine\C\WINDOWS\system32\
-2.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034445.exe
-2.2s C:\AdwCleaner\Quarantine\C\WINDOWS\system32\ARFC\
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034446.dll
-2.0s C:\AdwCleaner\Quarantine\C\WINDOWS\system32\jmdp\
-1.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034447.exe
-1.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034448.exe
-1.7s C:\AdwCleaner\Quarantine\C\WINDOWS\system32\WNLT\
-1.7s C:\AdwCleaner\Quarantine\C\WINDOWS\system32\WNLT\Installation\
-1.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034449.exe
-1.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034450.exe
-1.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034451.exe
-1.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034452.exe
-0.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034453.dll
-0.8s C:\AdwCleaner\Quarantine\C\WINDOWS\system32\WNLT\Installation\Uninstall\
-0.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034454.dll
-0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034455.exe
-0.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034456.exe
-0.3s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\
-0.3s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\
-0.3s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\
-0.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\SearchProtect\UI\
-0.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\SearchProtect\
-0.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\SearchProtect\UI\rep\
-0.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\SearchProtect\SearchProtect\rep\
-0.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\SearchProtect\SearchProtect\
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034457.exe
0.0s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\fst_it_86\
0.4s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Dati applicazioni\CheckPoint\
0.4s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Dati applicazioni\CheckPoint\ZoneAlarm LTD Toolbar\
0.4s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Dati applicazioni\
0.4s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Dati applicazioni\CheckPoint\ZoneAlarm LTD Toolbar\TrustChecker\
0.5s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Dati applicazioni\CheckPoint\ZoneAlarm LTD Toolbar\PTPCACHE\
0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034458.dll
0.5s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Dati applicazioni\SupTab\
0.8s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Dati applicazioni\webssearches\
0.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034459.exe
1.0s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Dati applicazioni\webssearches\images\
1.1s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Menu Avvio\Programmi\MyPC Backup\
1.1s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Menu Avvio\Programmi\
1.1s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Menu Avvio\
1.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034460.lnk
1.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034461.lnk
1.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\
1.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\
1.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\
1.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\
1.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\
1.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\
1.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\
1.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034462.dll
1.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034463.exe
1.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034464.dll
1.9s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Desktop\
1.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034465.lnk
1.9s C:\AdwCleaner\Quarantine\C\WINDOWS\Tasks\
26.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034466.ini


Suspicious files ____________________________________________________________

C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Size . . . . . . . : 6.427.008 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:33:53)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 230EBDC16D8E8EDC4421224450210159DEE2D5FC89AF8A21AA76308641AD0A07
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.15.1.4270
Copyright . . . . : Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-8.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\
-8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
-8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
-8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
-8.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
-8.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe
-0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe

C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Size . . . . . . . : 6.427.008 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:33:45)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 230EBDC16D8E8EDC4421224450210159DEE2D5FC89AF8A21AA76308641AD0A07
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.15.1.4270
Copyright . . . . : Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Forensic Cluster
-0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe
8.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\
8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe

C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Size . . . . . . . : 6.427.008 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:23:33)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 230EBDC16D8E8EDC4421224450210159DEE2D5FC89AF8A21AA76308641AD0A07
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.15.1.4270
Copyright . . . . : Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Forensic Cluster
-0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\
-0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe

C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Size . . . . . . . : 6.427.008 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:23:14)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 230EBDC16D8E8EDC4421224450210159DEE2D5FC89AF8A21AA76308641AD0A07
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.15.1.4270
Copyright . . . . : Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Forensic Cluster
-0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\
-0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
-0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe

C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033267.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:39:42)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-69.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CAE6WUU3
-68.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\wbk240.tmp
-68.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CAM89UOF
-68.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\wbk242.tmp
-68.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CAPGSPS7
-68.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\wbk245.tmp
-68.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CAQ2R73M
-68.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\wbk247.tmp
-68.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CAR5NR02
-68.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CA4IGD5E
-68.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\wbk249.tmp
-68.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\wbk24B.tmp
-68.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CATIIHRV
-68.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\wbk24D.tmp
-68.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CAOZ14V8
-64.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CAK4VM64
-61.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CAY0ZCV4
-61.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\italianartcafe[1].jpg
-61.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\spedizione[1].jpg
-60.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\espresso[1].jpg
-60.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\v3[1].png
-60.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\dem_artcafev2_04[1].jpg
-60.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\wp_logo_dem[1].gif
-60.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\macchina[1].jpg
-60.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\prezzo[1].jpg
-60.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\acquistasubito[1].jpg
-60.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\incluse[1].jpg
-60.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\testo_2[1].jpg
-60.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\seguici[1].jpg
-60.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\pagamenti[1].jpg
-60.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\sconto[1].jpg
-58.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\[1]
-38.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\MaxtorX6L200M0_L41VTN7G[3].htm
-33.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\BannerServer[1]
-33.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\trustBanner[1].js
-32.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\js[1]
-32.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\ca[1].htm
-31.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\setAdImpData[1].js
-31.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\d5d55fa53e395133e03ec5187e7de9af[1].jpg
-31.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\ANX_async_usersync[1].js
-31.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\creative[2].jsonp
-30.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\i[1].txt
-29.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\chrome-48[1].png
-29.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\nav_logo80[1].png
-29.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\logo9w[1].png
-29.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\rs=AItRSTMshz5YsCL6mqjNnhXV39hxU0vwuw[1]
-29.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\favicon[2].ico
-29.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\nav_logo176[1].png
-29.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\sem_0811d504065eed7057d7047ed460672a[1].js
-28.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\match.min.20120213[1].js
-26.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\loading[1].gif
-26.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\sf_allenby[1].js
-26.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\plugin_w[1].htm
-25.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\noise[1].png
-25.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\closeBtn[1].png
-12.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033265.MSI
-4.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033285.msi
-4.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033266.MST
-4.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\1378046917[1].htm
-4.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033286.mst
-2.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\votes-resume[1]
-2.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\comments[1]
-0.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\7463a8.mst
-0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\chart[1].png
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033267.dll
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033268.dll
0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033269.dll
1.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033278.dll
1.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033270.dll
1.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033271.dll
1.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\extension[3].js
1.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033272.dll
1.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033273.dll
16.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033274.ini
18.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\
18.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\rp.log
18.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\
18.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
18.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
18.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
18.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
18.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
18.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1202660629-1580436667-839522115-1003
19.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1202660629-1580436667-839522115-1003
19.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_USER_.DEFAULT
19.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_MACHINE_SECURITY
19.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_MACHINE_SOFTWARE
20.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_MACHINE_SYSTEM
21.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_MACHINE_SAM
21.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\ComDb.Dat
21.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\domain.txt
21.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\drivetable.txt
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\$WinMgmt.CFG
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\change.log.1
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\change.log.4
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\change.log.2
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\change.log.3
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\change.log
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\FS\
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\FS\INDEX.BTR
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\FS\INDEX.MAP
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\FS\MAPPING.VER
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\FS\MAPPING1.MAP
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\FS\MAPPING2.MAP
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\FS\OBJECTS.DATA
22.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\FS\OBJECTS.MAP
22.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\RestorePointSize
24.1s C:\Programmi\Enigma Software Group\SpyHunter\
24.1s C:\sh4ldr\
24.1s C:\Programmi\Enigma Software Group\SpyHunter\ExecutionGuard.dll
24.1s C:\Programmi\Enigma Software Group\SpyHunter\SpyHunter4.exe
24.3s C:\Programmi\Enigma Software Group\SpyHunter\Common.dll
24.3s C:\Programmi\Enigma Software Group\SpyHunter\SHDS.mht
24.3s C:\Programmi\Enigma Software Group\SpyHunter\ShScanner.dll
24.4s C:\Programmi\Enigma Software Group\SpyHunter\ESGRKCHK.exe
24.4s C:\Programmi\Enigma Software Group\SpyHunter\SH4Service.exe
24.4s C:\Programmi\Enigma Software Group\SpyHunter\Defman.dll
24.5s C:\Programmi\Enigma Software Group\SpyHunter\Defs\
26.1s C:\sh4ldr\vmlinuz
26.1s C:\sh4ldr\initrd.gz
26.2s C:\sh4ldr\shldr
26.2s C:\Programmi\Enigma Software Group\SpyHunter\English.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\native.exe
26.3s C:\Programmi\Enigma Software Group\SpyHunter\license.txt
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Dutch.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Danish.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\German.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\French.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Portuguese.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Norwegian.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Spanish.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Italian.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\purl.dat
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Swedish.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Lithuanian.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Czech.lng
26.4s C:\WINDOWS\system32\ESGScanner.sys
26.4s C:\WINDOWS\system32\EsgScanner.inf
26.4s C:\Programmi\Enigma Software Group\SpyHunter\Finnish.lng
26.4s C:\Programmi\Enigma Software Group\SpyHunter\Russian.lng
26.4s C:\sh4ldr\shldr.mbr
26.4s C:\Programmi\Enigma Software Group\SpyHunter\esgiguard.sys
26.4s C:\Documents and Settings\SANTO\Menu Avvio\Programmi\SpyHunter\
26.7s C:\Documents and Settings\SANTO\Menu Avvio\Programmi\SpyHunter\Uninstall SpyHunter.lnk
26.8s C:\Documents and Settings\SANTO\Menu Avvio\Programmi\SpyHunter\SpyHunter.lnk
26.8s C:\Documents and Settings\SANTO\Desktop\SpyHunter.lnk
26.9s C:\Documents and Settings\SANTO\Menu Avvio\Programmi\SpyHunter\SpyHunter Emergency Startup.lnk
27.1s C:\WINDOWS\Installer\6ae52b.msi
28.0s C:\Documents and Settings\SANTO\Dati applicazioni\Microsoft\Installer\
28.0s C:\Documents and Settings\SANTO\Dati applicazioni\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\
28.0s C:\Documents and Settings\SANTO\Dati applicazioni\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
28.0s C:\Documents and Settings\SANTO\Dati applicazioni\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
28.0s C:\Documents and Settings\SANTO\Dati applicazioni\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
28.0s C:\Documents and Settings\SANTO\Dati applicazioni\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MST
34.5s C:\Programmi\Enigma Software Group\SpyHunter\SH4.com
34.8s C:\Programmi\Enigma Software Group\SpyHunter\INSTALL.LOG
59.0s C:\Programmi\Enigma Software Group\SpyHunter\Log\
59.0s C:\Programmi\Enigma Software Group\SpyHunter\Log\SpyHunter4_20140401_184041.log
62.7s C:\Programmi\Enigma Software Group\SpyHunter\mon\
62.7s C:\Programmi\Enigma Software Group\SpyHunter\mon\hosts.bk
62.8s C:\Programmi\Enigma Software Group\SpyHunter\mon\system.ini.bk
62.8s C:\Programmi\Enigma Software Group\SpyHunter\mon\win.ini.bk
62.8s C:\Programmi\Enigma Software Group\SpyHunter\mon\autoexec.bat.bk
65.1s C:\Programmi\Enigma Software Group\SpyHunter\Data\
65.1s C:\Programmi\Enigma Software Group\SpyHunter\Data\dns.dat

C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033275.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:29:51)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033275.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033276.dll
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033281.dll
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033279.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033280.exe
0.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033282.exe
0.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033283.dll
0.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033277.exe
3.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033312.sys

C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033172.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 17:28:07)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-14.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033181.msi
-14.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033181.msi
-14.6s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MST
-14.6s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MST
-14.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033182.mst
-1.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\32c263.mst
-1.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\32c263.mst
0.0s C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP\
0.0s C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP\
0.0s C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP\
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033172.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033173.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033177.dll
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033175.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033176.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033176.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033178.exe
0.1s C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla21.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033174.exe
29.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033179.ini
29.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033179.ini
29.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033179.ini
29.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033179.ini
29.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033179.ini
29.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033179.ini
29.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033179.ini
34.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\
34.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\rp.log
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
35.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033170.ini
36.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
36.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
37.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
37.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1202660629-1580436667-839522115-1003
40.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1202660629-1580436667-839522115-1003
41.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_.DEFAULT
41.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_MACHINE_SECURITY
42.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_MACHINE_SOFTWARE

C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033236.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:29:08)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-5.6s C:\Programmi\File comuni\Wise Installation Wizard\WISDB847E94446B49E0AC5DC5627EC8B0C0_4_15_1_4270.MSI
-4.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033245.msi
-4.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033251.mst
-4.0s C:\Programmi\File comuni\Wise Installation Wizard\WISDB847E94446B49E0AC5DC5627EC8B0C0_4_15_1_4270.MST
-0.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\6ab93b.mst
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033236.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033237.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033241.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033239.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033240.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033242.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033244.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033238.exe

C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCall.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:36:54)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-4.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\
-4.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\rp.log
-4.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\
-4.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
-4.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
-4.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
-4.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
-4.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
-4.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1202660629-1580436667-839522115-1003
-4.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1202660629-1580436667-839522115-1003
-4.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_.DEFAULT
-3.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_MACHINE_SECURITY
-3.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_MACHINE_SOFTWARE
-2.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_MACHINE_SYSTEM
-2.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_MACHINE_SAM
-2.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\ComDb.Dat
-2.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\domain.txt
-2.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\drivetable.txt
-2.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\
-2.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\$WinMgmt.CFG
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\INDEX.BTR
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\INDEX.MAP
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\MAPPING.VER
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\MAPPING1.MAP
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\MAPPING2.MAP
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\OBJECTS.DATA
-1.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\OBJECTS.MAP
-1.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\RestorePointSize
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\change.log.1
0.0s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCall.dll
0.0s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla.dll
0.1s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla2.dll
0.1s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla18.dll
0.1s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla19.dll
0.2s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla20.dll
0.2s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla21.exe
0.3s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla17.dll
10.6s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseData.ini
11.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\
11.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\rp.log
11.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\
11.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
11.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
11.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
11.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
11.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
11.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1202660629-1580436667-839522115-1003
11.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1202660629-1580436667-839522115-1003
12.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_.DEFAULT
12.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_MACHINE_SECURITY
12.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_MACHINE_SOFTWARE
13.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_MACHINE_SYSTEM
13.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_MACHINE_SAM
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\ComDb.Dat
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\domain.txt
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\drivetable.txt
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\$WinMgmt.CFG
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\change.log.1
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\INDEX.BTR
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\INDEX.MAP
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\MAPPING.VER
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\MAPPING1.MAP
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\MAPPING2.MAP
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\OBJECTS.DATA
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\OBJECTS.MAP
14.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\RestorePointSize


Malware remnants ____________________________________________________________

C:\Programmi\Jotzey\ (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\ (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\BrowserAdapterS.7z (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\FilterApp_C(2)(3).exe (Jotzey) -> Deleted
Size . . . . . . . : 238.872 bytes
Age . . . . . . . : 4.0 days (2014-03-29 17:45:20)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 6071433A04C9DD33CEAC0FC2306EB867F71A5B7C25537FDC7012576E94E5FA74
Product . . . . . : StLib
Publisher . . . . : StLib.com
Description . . . : StLibs
Version . . . . . : 1.1.1.0
Copyright . . . . : Copyright (C) StLib.com 2013
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -7.0
Forensic Cluster
-19.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032998.dll
-19.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032997.dll
-19.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032996.dll
-19.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032995.dll
-19.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032994.dll
-7.2s C:\WINDOWS\Temp\tmp4B.tmp
-7.2s C:\WINDOWS\Temp\tmp4C.tmp
-6.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031766.exe
-0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032993.sys
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033101.exe
0.0s C:\Programmi\Jotzey\bin\FilterApp_C(2)(3).exe

C:\Programmi\Jotzey\bin\FilterApp_C.exe (Jotzey) -> Deleted
Size . . . . . . . : 238.872 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:05:26)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 6071433A04C9DD33CEAC0FC2306EB867F71A5B7C25537FDC7012576E94E5FA74
Product . . . . . : StLib
Publisher . . . . : StLib.com
Description . . . : StLibs
Version . . . . . : 1.1.1.0
Copyright . . . . : Copyright (C) StLib.com 2013
RSA Key Size . . . : 2048
Parent Name . . . : C:\Programmi\Jotzey\bin\utilJotzey.exe
Authenticode . . . : Valid
Running processes : 3832
Fuzzy . . . . . . : -5.0
Forensic Cluster
-2.5s C:\Documents and Settings\SANTO\Cookies\santo@search.conduit[2].txt
-0.1s C:\WINDOWS\system32\drivers\tStLibG.sys
0.0s C:\Programmi\Jotzey\bin\FilterApp_C.exe
2.7s C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Microsoft\Internet Explorer\Recovery\Active\{7146F038-B9B7-11E3-8DB5-00508D7F8E11}.dat

C:\Programmi\Jotzey\bin\plugins\ (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll (Jotzey) -> Deleted
Size . . . . . . . : 79.640 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:51)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 2512BD177A2BD11DCD4659457DCB0D2BCAD17007AD136EB5ADC433410A3C9403
Description . . . :
Version . . . . . : 1.0.5196.21749
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -4.0
Forensic Cluster
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
4.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
4.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
4.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
4.5s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll

C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll (Jotzey) -> Deleted
Size . . . . . . . : 761.624 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:56)
Entropy . . . . . : 7.9
SHA-256 . . . . . : BDC175731F128A1A25FE14E198A763F0ABE80EEF2AC3D3CE9C950AD73DBAA7A8
Description . . . :
Version . . . . . : 1.0.5200.28738
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 4.0
Forensic Cluster
-4.5s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
-0.5s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
-0.3s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
-0.3s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll

C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll (Jotzey) -> Deleted
Size . . . . . . . : 57.624 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:55)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 9CFBB1CA3C94EF2B27B5D90E2331E263AF5D5A2AF43B2EE4E4B9032028859875
Description . . . :
Version . . . . . : 1.0.5197.24595
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -4.0
Forensic Cluster
-4.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
0.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.5s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll

C:\Programmi\Jotzey\bin\plugins\Jotzey.FFUpdate.dll (Jotzey) -> Deleted
Size . . . . . . . : 459.544 bytes
Age . . . . . . . : 24.9 days (2014-03-08 21:38:40)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 615313A706AD380551CA7AA357B2B4BDE4E7ED05039BED8242AC1775CEE04915
Description . . . :
Version . . . . . : 1.0.5182.28943
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 2.0
Forensic Cluster
-0.0s C:\Programmi\Jotzey\bin\plugins\
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.FFUpdate.dll

C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll (Jotzey) -> Deleted
Size . . . . . . . : 544.536 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:56)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 36F4C6774D2B5D7B07B29E53A0665352734D2D09939B7D167302BF848713F906
Description . . . :
Version . . . . . : 1.0.5197.30564
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 4.0
Forensic Cluster
-4.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
-0.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.3s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll

C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll (Jotzey) -> Deleted
Size . . . . . . . : 763.160 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:57)
Entropy . . . . . : 7.8
SHA-256 . . . . . : EBFD290E21F06AAFC0BF9A177CDB6083B6AB4B5246A8683609D573419A702A11
Description . . . :
Version . . . . . : 1.0.5200.29277
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 4.0
Forensic Cluster
-5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
-1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
-0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
-0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
-0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll

C:\Programmi\Jotzey\bin\utilJotzey(2)(2).exe (Jotzey) -> Deleted
Size . . . . . . . : 348.440 bytes
Age . . . . . . . : 24.9 days (2014-03-08 21:08:31)
Entropy . . . . . : 6.1
SHA-256 . . . . . : DA2AC6E0215609D332A9903D09B4CA754F2A6CA57BB4567DCF46D393C56C97AA
Description . . . :
Version . . . . . : 1.0.5200.26592
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -6.0
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031701.exe
0.0s C:\Programmi\Jotzey\bin\utilJotzey.exe
0.0s C:\Programmi\Jotzey\bin\
0.0s C:\Programmi\Jotzey\bin\utilJotzey(2)(2).exe
1.8s C:\Programmi\Jotzey\bin\utilJotzey.InstallState

C:\Programmi\Jotzey\bin\utilJotzey.exe (Jotzey) -> Deleted
Size . . . . . . . : 350.488 bytes
Age . . . . . . . : 24.9 days (2014-03-08 21:08:31)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 20ABE0A7D3BB7A9299170295B46BFB75E7DA65DD3E7F1DDA82739D488674CB79
Description . . . :
Version . . . . . : 1.0.5204.19343
Copyright . . . . :
RSA Key Size . . . : 2048
Service . . . . . : Util Jotzey
Parent Name . . . : C:\WINDOWS\system32\services.exe
Authenticode . . . : Valid
Running processes : 3236
Fuzzy . . . . . . : -7.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Util Jotzey\
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031701.exe
0.0s C:\Programmi\Jotzey\bin\utilJotzey.exe
0.0s C:\Programmi\Jotzey\bin\
0.0s C:\Programmi\Jotzey\bin\utilJotzey(2)(2).exe
1.8s C:\Programmi\Jotzey\bin\utilJotzey.InstallState

C:\Programmi\Jotzey\bin\utilJotzey.InstallState (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\XTLS.dll (Jotzey) -> Deleted
Size . . . . . . . : 292.632 bytes
Age . . . . . . . : 4.3 days (2014-03-29 10:22:57)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 2BFD832640790855C4B34D31D3C5D5805644A0572A3820D82289A543A0A9864D
Product . . . . . : XVRNT
Publisher . . . . : TODO: <Company name>
Description . . . : TODO: <File description>
Version . . . . . : 2.0.0.6
Copyright . . . . : TODO: (c) <Company name>. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -2.0
Forensic Cluster
-7.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031644.dll
-7.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031643.dll
-7.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031642.dll
-5.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031641.dll
-5.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031640.dll
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031639.sys
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033112.exe
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031699.exe
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033116.exe
-0.5s C:\Programmi\Jotzey\bin\BrowserAdapterS.7z
-0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031638.exe
-0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033075.exe
-0.5s C:\Programmi\Jotzey\bin\7za.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031912.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031913.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031914.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031935.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031767.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031768.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031769.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031576.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031577.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031578.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031588.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031589.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031590.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031600.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031601.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031602.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032001.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031613.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031614.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031615.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032374.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032027.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032002.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032003.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032028.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032012.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032013.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032014.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032029.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031936.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032375.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032549.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032550.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031937.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031937.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033212.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031983.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031984.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032376.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032552.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032552.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033214.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033214.dll
0.0s C:\Programmi\Jotzey\bin\XTLSApp.exe
0.0s C:\Programmi\Jotzey\bin\XTLS.dll
0.0s C:\Programmi\Jotzey\bin\XTLSApp.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033294.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033295.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033296.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034345.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034346.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034347.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033334.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033335.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033336.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034474.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034306.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034307.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034308.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034475.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034476.dll
0.3s C:\WINDOWS\Temp\Temporary Internet Files\
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\
0.4s C:\WINDOWS\Temp\Cookies\
0.4s C:\WINDOWS\Temp\Cookies\index.dat
0.4s C:\WINDOWS\Temp\History\
0.4s C:\WINDOWS\Temp\History\History.IE5\
0.4s C:\WINDOWS\Temp\History\History.IE5\index.dat
0.4s C:\WINDOWS\Temp\History\History.IE5\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B14VUB2B\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B14VUB2B\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Z1S1D1B\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Z1S1D1B\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KWEMJFQF\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KWEMJFQF\desktop.ini
0.8s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\xvrnt[1].srf
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\index.dat
0.9s C:\Documents and Settings\LocalService\Preferiti\
0.9s C:\Documents and Settings\LocalService\Preferiti\Desktop.ini

C:\Programmi\Jotzey\bin\XTLSApp.dll (Jotzey) -> Deleted
Size . . . . . . . : 179.480 bytes
Age . . . . . . . : 4.3 days (2014-03-29 10:22:57)
Entropy . . . . . : 6.6
SHA-256 . . . . . : BCB316D6EAF30D0247091389750C77155F799F65CC455FCBB3172B25B3D00525
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -1.0
Forensic Cluster
-7.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031644.dll
-7.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031643.dll
-7.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031642.dll
-5.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031641.dll
-5.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031640.dll
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031639.sys
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033112.exe
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031699.exe
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033116.exe
-0.5s C:\Programmi\Jotzey\bin\BrowserAdapterS.7z
-0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031638.exe
-0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033075.exe
-0.5s C:\Programmi\Jotzey\bin\7za.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031912.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031913.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031914.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031935.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031767.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031768.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031769.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031576.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031577.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031578.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031588.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031589.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031590.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031600.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031601.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031602.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032001.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031613.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031614.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031615.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032374.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032027.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032002.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032003.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032028.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032012.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032013.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032014.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032029.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031936.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032375.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032549.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032550.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031937.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031937.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033212.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031983.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031984.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032376.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032552.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032552.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033214.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033214.dll
0.0s C:\Programmi\Jotzey\bin\XTLSApp.exe
0.0s C:\Programmi\Jotzey\bin\XTLS.dll
0.0s C:\Programmi\Jotzey\bin\XTLSApp.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033294.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033295.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033296.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034345.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034346.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034347.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033334.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033335.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033336.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034474.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034306.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034307.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034308.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034475.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034476.dll
0.3s C:\WINDOWS\Temp\Temporary Internet Files\
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\
0.4s C:\WINDOWS\Temp\Cookies\
0.4s C:\WINDOWS\Temp\Cookies\index.dat
0.4s C:\WINDOWS\Temp\History\
0.4s C:\WINDOWS\Temp\History\History.IE5\
0.4s C:\WINDOWS\Temp\History\History.IE5\index.dat
0.4s C:\WINDOWS\Temp\History\History.IE5\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B14VUB2B\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B14VUB2B\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Z1S1D1B\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Z1S1D1B\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KWEMJFQF\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KWEMJFQF\desktop.ini
0.8s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\xvrnt[1].srf
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\index.dat
0.9s C:\Documents and Settings\LocalService\Preferiti\
0.9s C:\Documents and Settings\LocalService\Preferiti\Desktop.ini

C:\Programmi\Jotzey\bin\XTLSApp.exe (Jotzey) -> Deleted
Size . . . . . . . : 78.616 bytes
Age . . . . . . . : 4.3 days (2014-03-29 10:22:57)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 2C6480B4340A561B535CC207C807C23A3D478C8B0B450BC5EE83D30481C3C923
RSA Key Size . . . : 2048
Parent Name . . . : C:\Programmi\Jotzey\bin\utilJotzey.exe
Authenticode . . . : Valid
Running processes : 404
Fuzzy . . . . . . : 1.0
Forensic Cluster
-7.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031644.dll
-7.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031643.dll
-7.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031642.dll
-5.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031641.dll
-5.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031640.dll
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031639.sys
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033112.exe
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031699.exe
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033116.exe
-0.5s C:\Programmi\Jotzey\bin\BrowserAdapterS.7z
-0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031638.exe
-0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033075.exe
-0.5s C:\Programmi\Jotzey\bin\7za.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031912.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031913.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031914.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031935.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031767.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031768.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031769.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031576.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031577.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031578.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031588.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031589.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031590.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031600.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031601.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031602.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032001.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031613.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031614.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031615.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032374.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032027.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032002.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032003.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032028.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032012.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032013.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032014.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032029.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031936.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032375.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032549.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032550.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031937.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031937.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033212.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031983.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031984.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032376.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032552.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032552.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033214.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033214.dll
0.0s C:\Programmi\Jotzey\bin\XTLSApp.exe
0.0s C:\Programmi\Jotzey\bin\XTLS.dll
0.0s C:\Programmi\Jotzey\bin\XTLSApp.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033294.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033295.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033296.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034345.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034346.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034347.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033334.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033335.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033336.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034474.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034306.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034307.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034308.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034475.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034476.dll
0.3s C:\WINDOWS\Temp\Temporary Internet Files\
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\
0.4s C:\WINDOWS\Temp\Cookies\
0.4s C:\WINDOWS\Temp\Cookies\index.dat
0.4s C:\WINDOWS\Temp\History\
0.4s C:\WINDOWS\Temp\History\History.IE5\
0.4s C:\WINDOWS\Temp\History\History.IE5\index.dat
0.4s C:\WINDOWS\Temp\History\History.IE5\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B14VUB2B\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B14VUB2B\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Z1S1D1B\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Z1S1D1B\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KWEMJFQF\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KWEMJFQF\desktop.ini
0.8s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\xvrnt[1].srf
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\index.dat
0.9s C:\Documents and Settings\LocalService\Preferiti\
0.9s C:\Documents and Settings\LocalService\Preferiti\Desktop.ini

C:\Programmi\Jotzey\Jotzey.ico (Jotzey) -> Deleted
C:\Programmi\Jotzey\JotzeyUninstall.exe (Jotzey) -> Deleted
Size . . . . . . . : 240.929 bytes
Age . . . . . . . : 25.0 days (2014-03-08 18:53:07)
Entropy . . . . . : 7.9
SHA-256 . . . . . : B8575E1A622E5C11F8124E46427632A5CF841943FE8423CA55EB8DB7E3029F3D
Fuzzy . . . . . . : 8.0
Forensic Cluster
-8.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP86\A0031799.lnk
-6.5s C:\Programmi\Jotzey\
-4.6s C:\Programmi\Jotzey\JotzeyBHO.dll
-2.7s C:\Programmi\Jotzey\updateJotzey.InstallState
0.0s C:\Programmi\Jotzey\Jotzey.ico
0.0s C:\Programmi\Jotzey\JotzeyUninstall.exe

C:\Programmi\Jotzey\updateJotzey(2)(3).exe (Jotzey) -> Deleted
Size . . . . . . . : 348.440 bytes
Age . . . . . . . : 25.9 days (2014-03-07 21:30:38)
Entropy . . . . . : 6.1
SHA-256 . . . . . : DA2AC6E0215609D332A9903D09B4CA754F2A6CA57BB4567DCF46D393C56C97AA
Description . . . :
Version . . . . . : 1.0.5200.26592
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -6.0
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033100.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031552.exe
0.0s C:\Programmi\Jotzey\updateJotzey(2)(3).exe
0.0s C:\Programmi\Jotzey\updateJotzey.exe

C:\Programmi\Jotzey\updateJotzey.exe (Jotzey) -> Deleted
Size . . . . . . . : 348.440 bytes
Age . . . . . . . : 25.9 days (2014-03-07 21:30:38)
Entropy . . . . . : 6.1
SHA-256 . . . . . : DA2AC6E0215609D332A9903D09B4CA754F2A6CA57BB4567DCF46D393C56C97AA
Description . . . :
Version . . . . . : 1.0.5200.26592
Copyright . . . . :
RSA Key Size . . . : 2048
Service . . . . . : Update Jotzey
Parent Name . . . : C:\WINDOWS\system32\services.exe
Authenticode . . . : Valid
Running processes : 2352
Fuzzy . . . . . . : -7.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Update Jotzey\
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033100.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031552.exe
0.0s C:\Programmi\Jotzey\updateJotzey(2)(3).exe
0.0s C:\Programmi\Jotzey\updateJotzey.exe

C:\Programmi\Jotzey\updateJotzey.InstallState (Jotzey) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}\ (Jotzey) -> Deleted
HKLM\SOFTWARE\Jotzey\ (Jotzey) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jotzey\ (Jotzey) -> Deleted
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Jotzey\ (Jotzey) -> Deleted

Potential Unwanted Programs _________________________________________________

C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\newtabv3.crx (FTDownloader) -> Deleted
conduit.search
C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data

HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ (FTDownloader) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\ (FTDownloader) -> Deleted
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\IePluginService\ (FTDownloader) -> Deleted
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\Wpm\ (FTDownloader) -> Deleted
HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application\IePluginService\ (FTDownloader) -> Deleted
HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application\Wpm\ (FTDownloader) -> Deleted
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService\ (FTDownloader) -> PendingDelete
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm\ (FTDownloader) -> PendingDelete

Cookies _____________________________________________________________________

C:\Documents and Settings\SANTO\Cookies\santo@247realmedia[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@2o7[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@ad.360yield[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@ad.zanox[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@ads.ad4game[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@ads.creative-serving[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@ads.p161[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@ads.yahoo[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@adtechus[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@advertising[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@apmebf[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@atdmt[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@bs.serving-sys[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@casalemedia[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@content.yieldmanager[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@doubleclick[3].txt
C:\Documents and Settings\SANTO\Cookies\santo@eas8.emediate[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@exoclick[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@media6degrees[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@ru4[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@serving-sys[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@smartadserver[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@track.adform[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@tribalfusion[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@vodafoneit.solution.weborama[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@vodafoneitsimple.solution.weborama[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@weborama[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@weboramaitdata.solution.weborama[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@weboramaitdatas2.solution.weborama[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@www.googleadservices[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@www.googleadservices[3].txt
C:\Documents and Settings\SANTO\Cookies\santo@www.googleadservices[4].txt
C:\Documents and Settings\SANTO\Cookies\santo@www.googleadservices[5].txt
C:\Documents and Settings\SANTO\Cookies\santo@yadro[1].txt
C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:doubleclick.net
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19.00.28, on 02/04/2014
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
CHROME: 33.0.1750.154

Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVG\AVG2014\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\AVG\AVG2014\avgnsx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Real\RealPlayer\update\realsched.exe
C:\Programmi\AVG\AVG2014\avgui.exe
C:\Programmi\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Programmi\Lexmark 2200 Series\lxbvbmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqbam08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Programmi\RealNetworks\RealDownloader\recordingmanager.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_UI] "C:\Programmi\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Smart File Advisor] "C:\Programmi\Smart File Advisor\sfa.exe" /checkassoc
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E57BE96D-C2EB-4836-BF77-40941C89AE43}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7981 bytes
[Claudio] ha scritto:
santo_61 ha scritto:Tutto ok, ho il report di HitmanPro, ma non riesco a capire come caricare in allegato a questo forum i tre log. Potresti essere più chiaro? Grazie! :)
Più chiaro di cosi?? :s
[Claudio] ha scritto:Carica i REPORT su WIKISEND e pubblica il FORUMLINK proposto per ognuno.
vediamo..... :bisbiglio ..... carica i REPORT su Wikisend ----->>> CLICCA QUI ...... e pubblica il FORUMLINK proposto per ognuno.

Altrimenti, copia ed incolla qui il risultato del report.
Edited by Uomo Senza Sonno: la prossima volta utilizziamo il tag Spoiler per inserire i log, di modo da facilitare la lettura dei post. Grazie per la collaborazione
Ultima modifica di Al3x il lun apr 07, 2014 7:32 am, modificato 3 volte in totale.
Motivazione: inserito tag Spoiler

[Claudio]

Re: eliminare webssearcher

Messaggio da [Claudio] »

Riesegui la scansione con HitmanPro; al termine della scansione e allega il nuovo Report (voglio essere sicuro sia pulito).

*** Edited by The Doctor: certe considerazioni meglio farle via PM

Avatar utente
santo_61
Livello: Scheda perforata (1/15)
Livello: Scheda perforata (1/15)
Messaggi: 9
Iscritto il: dom mar 30, 2014 9:30 am

Re: eliminare webssearcher

Messaggio da santo_61 »

Fatto.


HitmanPro_20140405_1209.log
[Claudio] ha scritto:Riesegui la scansione con HitmanPro; al termine della scansione e allega il nuovo Report (voglio essere sicuro sia pulito).

*** Edited by The Doctor: certe considerazioni meglio farle via PM

[Claudio]

Re: eliminare webssearcher

Messaggio da [Claudio] »

santo_61 ha scritto:Fatto.
Chiariamo alcune cose prima di proseguire (perchè è necessario capire se VUOI risolvere il problema, oppure perdere tempo in inutili scansioni):

Questione 1: se, quando esegui la scansione, non ELIMINI tutto ciò che viene rilevato, non se ne esce (tutta quella roba DEVE SPARIRE);

Questione 2: ti ho chiesto perché il sistema non è aggiornato al SP3; se consideri che ti sto offrendo un aiuto, una banale risposta alla domanda sarebbe gradita (perchè quel problema DEVE essere risolto, e ha la precedenza su tutto).

Decidi TU cosa intendi fare :fiu

[Claudio]

Re: eliminare webssearcher

Messaggio da [Claudio] »

Facciamo in questo modo, e vediamo di uscirne:

A) Disattiva il RIPRISTINO CONFIGURAZIONE DI SISTEMA (segui le istruzioni):
1) Istruzioni per: WINDOWS XP;
2) Riavvia il computer e, seguendo le istruzioni, RIATTIVA la funzione di RIPRISTINO CONFIGURAZIONE DI SISTEMA;

B) Scarica: COMBOFIX.
1) SCONNETTI il computer dalla rete;
2) avvia COMBOFIX;
3) IGNORA (quindi prosegui) eventuali messaggi relativi alla presenza dell'antivirus;
4) durante la scansione NON ESEGUIRE operazioni sul computer;
5) Una volta completata la scansione, salva il REPORT rilasciato e allegalo.

Avatar utente
santo_61
Livello: Scheda perforata (1/15)
Livello: Scheda perforata (1/15)
Messaggi: 9
Iscritto il: dom mar 30, 2014 9:30 am

Re: eliminare webssearcher

Messaggio da santo_61 »

Grazie per l'interessamento, ma non mi ero accorto della domanda (perché non ho aggiornato a SP3);
Il problema principale è che la Versione di HitmanPro che ho scaricato non mi consente di eliminare nulla, ma solo di salvare il log! Mi farò risentire appena riuscirò. Ciao.
[Claudio] ha scritto:Facciamo in questo modo, e vediamo di uscirne:

A) Disattiva il RIPRISTINO CONFIGURAZIONE DI SISTEMA (segui le istruzioni):
1) Istruzioni per: WINDOWS XP;
2) Riavvia il computer e, seguendo le istruzioni, RIATTIVA la funzione di RIPRISTINO CONFIGURAZIONE DI SISTEMA;

B) Scarica: COMBOFIX.
1) SCONNETTI il computer dalla rete;
2) avvia COMBOFIX;
3) IGNORA (quindi prosegui) eventuali messaggi relativi alla presenza dell'antivirus;
4) durante la scansione NON ESEGUIRE operazioni sul computer;
5) Una volta completata la scansione, salva il REPORT rilasciato e allegalo.

[Claudio]

Re: eliminare webssearcher

Messaggio da [Claudio] »

santo_61 ha scritto:Il problema principale è che la Versione di HitmanPro che ho scaricato non mi consente di eliminare nulla, ma solo di salvare il log! Mi farò risentire appena riuscirò.
Evidentemente, tra noi, c'è un problema di comunicazione: il problema principale non sono le scansioni (quelle le vediamo dopo) .... il problema principale è diventato questo:
santo_61 ha scritto:..... ma non mi ero accorto della domanda (perché non ho aggiornato a SP3) ......
ribadisco la domanda: PERCHE' IL SISTEMA OPERATIVO NON E' AGGIORNATO?.

Avatar utente
santo_61
Livello: Scheda perforata (1/15)
Livello: Scheda perforata (1/15)
Messaggi: 9
Iscritto il: dom mar 30, 2014 9:30 am

Re: eliminare webssearcher

Messaggio da santo_61 »

Non ho aggiornato perché ho avuto paura, ho sentito dire che a volte gli aggiornamenti comportano problemi, soprattutto se il download si blocca... (Scusa l'ignoranza...).

[Claudio]

Re: eliminare webssearcher

Messaggio da [Claudio] »

santo_61 ha scritto:Non ho aggiornato perché ho avuto paura, ho sentito dire che a volte gli aggiornamenti comportano problemi ......
Non ne vedo la ragione; con quelli del prossimo martedi il supporto per Windows XP sarà "terminato" (ovvero non verranno più rilasciati aggiornamenti di sicurezza per XP) con tutte le conseguenze del caso.

Pertanto, mettiti al lavoro (il problema malware lo risolviamo dopo): scarica TUTTI gli aggiornamenti proposti da Windows Update (compresi quelli facoltativi).

Ne avrai per un bel pò, presumo; quando avrai concluso il lavoro, allega un nuovo Report di Hijackthis.

Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 8848
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: eliminare webssearcher

Messaggio da crazy.cat »

Per gli aggiornamenti ne parliamo in caso in una discussione a parte.
Cosa è rimasto ancora del websearcher?
La storia si è fermata. Nulla esiste tranne il presente senza fine in cui il Partito ha sempre ragione.

[Claudio]

Re: eliminare webssearcher

Messaggio da [Claudio] »

crazy.cat ha scritto:Cosa è rimasto ancora del websearcher?
Direi poco o nulla ..... ma c'è molto del resto.

Avatar utente
Al3x
Amministratore
Amministratore
Messaggi: 3991
Iscritto il: mer mag 01, 2013 12:59 pm
Località: http://127.0.0.1

Re: eliminare webssearcher

Messaggio da Al3x »

si chiama webSSearcher o webSearcher?
I :amore Sasha

Avatar utente
santo_61
Livello: Scheda perforata (1/15)
Livello: Scheda perforata (1/15)
Messaggi: 9
Iscritto il: dom mar 30, 2014 9:30 am

Re: eliminare webssearcher

Messaggio da santo_61 »

E` scomparso in I.E. ma persiste in Google Chrome...
crazy.cat ha scritto:Per gli aggiornamenti ne parliamo in caso in una discussione a parte.
Cosa è rimasto ancora del websearcher?

Avatar utente
santo_61
Livello: Scheda perforata (1/15)
Livello: Scheda perforata (1/15)
Messaggi: 9
Iscritto il: dom mar 30, 2014 9:30 am

Re: eliminare webssearcher

Messaggio da santo_61 »

Si chiama webssearcher
Al3x ha scritto:si chiama webSSearcher o webSearcher?

Avatar utente
Al3x
Amministratore
Amministratore
Messaggi: 3991
Iscritto il: mer mag 01, 2013 12:59 pm
Località: http://127.0.0.1

Re: eliminare webssearcher

Messaggio da Al3x »

Grazie, è importante per i motori di ricerca perché ho fatto una rapida verifica e pare che esistano due malware diversi con nomi similari
I :amore Sasha

Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 8848
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: eliminare webssearcher

Messaggio da crazy.cat »

santo_61 ha scritto:E` scomparso in I.E. ma persiste in Google Chrome...
Avevi provato?
viewtopic.php?p=20301#p20301
La storia si è fermata. Nulla esiste tranne il presente senza fine in cui il Partito ha sempre ragione.

System
System
Bot ufficiale TurboLab.it
Bot
Messaggi:
Iscritto il: sab dic 31, 2016 6:19 pm
Contatta: Contatta

Re: Re: eliminare webssearcher

Messaggio da System » lun apr 07, 2014 7:05 pm


Rispondi
  • Argomenti simili
    Risposte
    Visite
    Ultimo messaggio