TurboLab.it

# AdwCleaner v3.023 - Report created 02/04/2014 at 18:28:45
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : SANTO - SANTO-C2E6631A4
# Running from : C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\adwcleaner-3-0-23-es-en-br-fr-de-win[1].exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\WINDOWS\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\jmdp
Folder Deleted : C:\WINDOWS\system32\WNLT
Folder Deleted : C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\SearchProtect
Folder Deleted : C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\fst_it_86
Folder Deleted : C:\Documents and Settings\SANTO\Dati applicazioni\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Documents and Settings\SANTO\Dati applicazioni\SupTab
Folder Deleted : C:\Documents and Settings\SANTO\Dati applicazioni\Systweak
Folder Deleted : C:\Documents and Settings\SANTO\Dati applicazioni\webssearches
Folder Deleted : C:\Documents and Settings\SANTO\Menu Avvio\Programmi\MyPC Backup
[!] Folder Deleted : C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
File Deleted : C:\WINDOWS\system32\dmwu.exe
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\Documents and Settings\SANTO\Desktop\MyPC Backup.lnk
File Deleted : C:\WINDOWS\Tasks\View Password Update.job
File Deleted : C:\WINDOWS\Tasks\View Password_wd.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DriverScanner]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [upfst_it_86.exe]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{828DC97A-2277-4E10-92A9-4907FA0922A9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{828DC97A-2277-4E10-92A9-4907FA0922A9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKLM\Software\free_soft_to_day
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\supTab
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\webssearchesSoftware
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_it_86_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\547B38670606DF14AA57B0BB83F3AE4D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Key Deleted : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Key Deleted : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Google Chrome v

[ File : C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\preferences ]

Deleted : suggest_url
Deleted : homepage
Deleted : search_url

*************************

AdwCleaner[R0].txt - [19273 octets] - [29/03/2014 21:30:31]
AdwCleaner[R1].txt - [11507 octets] - [02/04/2014 18:27:59]
AdwCleaner[S0].txt - [881 octets] - [02/04/2014 18:25:44]
AdwCleaner[S1].txt - [10750 octets] - [02/04/2014 18:28:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10811 octets] ##########

HitmanPro 3.7.9.216
http://www.hitmanpro.com

Computer name . . . . : SANTO-C2E6631A4
Windows . . . . . . . : 5.1.2.2600.X86/1
User name . . . . . . : SANTO-C2E6631A4\SANTO
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2014-04-02 18:38:03
Scan mode . . . . . . : Normal
Scan duration . . . . : 12m 32s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes

Threats . . . . . . . : 31
Traces . . . . . . . : 99

Objects scanned . . . : 402.205
Files scanned . . . . : 11.466
Remnants scanned . . : 46.561 files / 344.178 keys

Malware _____________________________________________________________________

C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\fst_it_2603-5eb5d219.exe -> Deleted
Size . . . . . . . : 3.271.504 bytes
Age . . . . . . . : 0.0 days (2014-04-02 18:14:29)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 5B0C0F8A5BA17417650040E03EBE9640561E11DF5A3C452A0F93149C8003DFCA
Product . . . . . : fst_it_86
Publisher . . . . : free_soft_to_day
Description . . . : fst_it_86 Setup
Version
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Adware.Agent.NYU
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Eorezo.ctl
Fuzzy . . . . . . : 106.0
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\n968\fst_it_2603-5eb5d219.exe
Forensic Cluster
-84.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\MaxtorX6L200M0_L41VTN7G[1].htm
-83.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-83.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-83.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-83.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-83.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-82.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\gsd[4].html
-80.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\gsd[1].htm
-80.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\BannerServer[2]
-79.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\setImpData[1].html
-79.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\setImpData[1].html
-79.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\slider_anchored_300x250_284[2].htm
-78.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\impressions[1].gif
-78.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\creatives[1].gif
-78.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\a_usersync[1]
-77.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\ca[2].htm
-77.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\creative[3].jsonp
-77.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\u[1].gif
-77.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\setImpData[2].html
-76.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\i[1].txt
-76.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\i[1].txt
-76.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\setData[1].html
-76.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\a_usersync[1]
-76.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\setUserData[2].js
-76.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\t[1]
-70.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\search[1]
-70.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\sf_allenby[1].js
-70.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\search[1]
-70.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\plugin_w[2].htm
-69.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\search[1]
-65.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\search[1].htm
-63.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\Dock[1].swf
-62.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\applistall.min[1].js
-62.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\applistall.min[1].js
-62.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\Sprite[1].png
-61.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\rizzo[1].ashx
-61.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\rizzo[1].ashx
-53.3s C:\Documents and Settings\SANTO\Cookies\santo@www.googleadservices[4].txt
-52.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\adwcleaner[2].htm
-52.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\css[1].css
-52.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\min[1].css
-52.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\dc[1].js
-51.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\grad[1].jpg
-51.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\7U2WVQLzYo7fqCE9hsW0CA[1].eot
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\toolbar-screen[1].jpg
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\80147-eb401ac1ac57c20ba328f1d7c6817fe8m[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\download-arrow[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\logo-v3-footer[1].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\logo-v3-footer[1].png
-50.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\logo-v3-footer[1].png
-50.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\stars[1].png
-50.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-50.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-50.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-50.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-50.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-45.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\AdwCleaner[1].exe
-45.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\AdwCleaner[1].exe
-45.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\AdwCleaner[1].exe
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-38.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\s968.exe
-34.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\1711-2321-4218-2044[1].txt
-34.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\app.min[1].css
-34.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\ender.min[1].js
-33.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\iconos[1].png
-33.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\box[1].jpg
-32.6s C:\Documents and Settings\SANTO\Cookies\santo@flv.hs1dmr[1].txt
-32.6s C:\Documents and Settings\SANTO\Cookies\santo@flv.hs1dmr[1].txt
-32.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\app.min[1].js
-31.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\0aa91cf10529d9960c7fdaf92a4fef69[1].txt
-31.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\clkL.min[1].js
-31.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\theme1_template8[1].css
-31.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\blank[3].gif
-31.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\Adpilot_IT_300X250_weight-loss-woman2_456709e1_fc[1].gif
-31.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\blank[1].gif
-30.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\SD_SpeedupmyPC_It[1].png
-30.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\addon[1].png
-30.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-30.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-30.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-30.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-30.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\fst_it_2603-5eb5d219.exe
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\fst_it_2603-5eb5d219.exe
6.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\hdplus_it_2803-edf307dc.exe

C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\hdplus_it_2803-edf307dc.exe -> Quarantined
Size . . . . . . . : 6.212.734 bytes
Age . . . . . . . : 0.0 days (2014-04-02 18:14:35)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 5993D423DF163BF80DF0369801F761FBEFD7BCC8A992F47AD1570AA6BBDB1E1D
Product . . . . . : Ohwwxuttyi
Publisher . . . . : Jrtpxvizmgiiro
Description . . . : Jqfdunkrruwjvw
Version . . . . . : 25.2.25.14
Copyright . . . . : Unxcf
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.ajsd
Fuzzy . . . . . . : 105.0
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\n968\hdplus_it_2803-edf307dc.exe
Forensic Cluster
-90.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\MaxtorX6L200M0_L41VTN7G[1].htm
-89.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-89.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-89.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-89.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-89.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\istart.webssearches[1].com
-88.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\gsd[4].html
-87.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\gsd[1].htm
-86.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\BannerServer[2]
-86.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\setImpData[1].html
-86.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\setImpData[1].html
-85.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\slider_anchored_300x250_284[2].htm
-85.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\impressions[1].gif
-85.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\creatives[1].gif
-84.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\a_usersync[1]
-84.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\ca[2].htm
-83.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\creative[3].jsonp
-83.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\u[1].gif
-83.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\setImpData[2].html
-83.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\i[1].txt
-83.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\i[1].txt
-83.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\setData[1].html
-83.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\a_usersync[1]
-83.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\setUserData[2].js
-82.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\t[1]
-77.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\search[1]
-77.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\sf_allenby[1].js
-77.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\search[1]
-76.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\plugin_w[2].htm
-76.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\search[1]
-71.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\search[1].htm
-69.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\Dock[1].swf
-69.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\applistall.min[1].js
-69.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\applistall.min[1].js
-68.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\Sprite[1].png
-67.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\rizzo[1].ashx
-67.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\rizzo[1].ashx
-59.7s C:\Documents and Settings\SANTO\Cookies\santo@www.googleadservices[4].txt
-59.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\adwcleaner[2].htm
-58.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\css[1].css
-58.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\min[1].css
-58.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\dc[1].js
-58.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\grad[1].jpg
-58.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\7U2WVQLzYo7fqCE9hsW0CA[1].eot
-57.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\toolbar-screen[1].jpg
-57.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\80147-eb401ac1ac57c20ba328f1d7c6817fe8m[1].png
-57.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\download-arrow[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\adwcleaner[1].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\star[2].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\logo-v3-footer[1].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\logo-v3-footer[1].png
-57.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\logo-v3-footer[1].png
-57.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\stars[1].png
-56.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-56.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-56.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-56.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-56.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\favicon[3].ico
-52.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\AdwCleaner[1].exe
-52.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\AdwCleaner[1].exe
-52.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\AdwCleaner[1].exe
-45.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-45.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-45.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-45.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-45.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\
-45.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\s968.exe
-41.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\1711-2321-4218-2044[1].txt
-40.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\app.min[1].css
-40.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\ender.min[1].js
-40.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\iconos[1].png
-40.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\box[1].jpg
-39.0s C:\Documents and Settings\SANTO\Cookies\santo@flv.hs1dmr[1].txt
-39.0s C:\Documents and Settings\SANTO\Cookies\santo@flv.hs1dmr[1].txt
-38.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\app.min[1].js
-38.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\0aa91cf10529d9960c7fdaf92a4fef69[1].txt
-38.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\clkL.min[1].js
-37.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\theme1_template8[1].css
-37.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\blank[3].gif
-37.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\Adpilot_IT_300X250_weight-loss-woman2_456709e1_fc[1].gif
-37.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\blank[1].gif
-37.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\SD_SpeedupmyPC_It[1].png
-37.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\addon[1].png
-36.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-36.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-36.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-36.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-36.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\sprite[1].jpg
-6.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\fst_it_2603-5eb5d219.exe
-6.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\fst_it_2603-5eb5d219.exe
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\n968\hdplus_it_2803-edf307dc.exe

C:\Programmi\Jotzey\JotzeyBHO.dll -> Quarantined
Size . . . . . . . : 249.624 bytes
Age . . . . . . . : 25.0 days (2014-03-08 18:53:02)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 488DABEE25EAD82AF77B04C290B868DEE807745EAF3BDAC207D2E43AF893C8D0
Product . . . . . : Jotzey
Publisher . . . . : Jotzey
Description . . . : Jotzey
Version . . . . . : 1.0.0.3
Copyright . . . . : (c) Jotzey. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.ahbx
Fuzzy . . . . . . : 91.0
Startup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63a20a19-b1e6-4355-ab4c-28553af40ca2}\
References
HKLM\SOFTWARE\Classes\CLSID\{63a20a19-b1e6-4355-ab4c-28553af40ca2}\
HKLM\SOFTWARE\Classes\TypeLib\{4e1ca9b1-c816-4b8a-bd4c-546fbc5008de}\
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63a20a19-b1e6-4355-ab4c-28553af40ca2}\
Forensic Cluster
-4.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP86\A0031799.lnk
-1.9s C:\Programmi\Jotzey\
0.0s C:\Programmi\Jotzey\JotzeyBHO.dll
1.9s C:\Programmi\Jotzey\updateJotzey.InstallState
4.6s C:\Programmi\Jotzey\Jotzey.ico
4.6s C:\Programmi\Jotzey\JotzeyUninstall.exe

C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034457.exe -> Quarantined
Size . . . . . . . : 3.234.256 bytes
Age . . . . . . . : 0.0 days (2014-04-02 18:28:47)
Entropy . . . . . : 6.6
SHA-256 . . . . . : F29CDDA5134C6EE624284E3A993D2821EC3BE8D9C34D1B918FAED90A4C1DFF8A
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Bitdefender . . . : Adware.Agent.NYU
Fuzzy . . . . . . : 101.0
Forensic Cluster
-2.6s C:\AdwCleaner\AdwCleaner[S1].txt
-2.2s C:\AdwCleaner\Quarantine\C\WINDOWS\system32\
-2.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034445.exe
-2.2s C:\AdwCleaner\Quarantine\C\WINDOWS\system32\ARFC\
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034446.dll
-2.0s C:\AdwCleaner\Quarantine\C\WINDOWS\system32\jmdp\
-1.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034447.exe
-1.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034448.exe
-1.7s C:\AdwCleaner\Quarantine\C\WINDOWS\system32\WNLT\
-1.7s C:\AdwCleaner\Quarantine\C\WINDOWS\system32\WNLT\Installation\
-1.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034449.exe
-1.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034450.exe
-1.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034451.exe
-1.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034452.exe
-0.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034453.dll
-0.8s C:\AdwCleaner\Quarantine\C\WINDOWS\system32\WNLT\Installation\Uninstall\
-0.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034454.dll
-0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034455.exe
-0.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034456.exe
-0.3s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\
-0.3s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\
-0.3s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\
-0.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\SearchProtect\UI\
-0.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\SearchProtect\
-0.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\SearchProtect\UI\rep\
-0.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\SearchProtect\SearchProtect\rep\
-0.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\SearchProtect\SearchProtect\
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034457.exe
0.0s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\fst_it_86\
0.4s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Dati applicazioni\CheckPoint\
0.4s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Dati applicazioni\CheckPoint\ZoneAlarm LTD Toolbar\
0.4s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Dati applicazioni\
0.4s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Dati applicazioni\CheckPoint\ZoneAlarm LTD Toolbar\TrustChecker\
0.5s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Dati applicazioni\CheckPoint\ZoneAlarm LTD Toolbar\PTPCACHE\
0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034458.dll
0.5s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Dati applicazioni\SupTab\
0.8s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Dati applicazioni\webssearches\
0.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034459.exe
1.0s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Dati applicazioni\webssearches\images\
1.1s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Menu Avvio\Programmi\MyPC Backup\
1.1s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Menu Avvio\Programmi\
1.1s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Menu Avvio\
1.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034460.lnk
1.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034461.lnk
1.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\
1.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\
1.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\
1.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\
1.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\
1.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\
1.2s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\
1.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034462.dll
1.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034463.exe
1.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034464.dll
1.9s C:\AdwCleaner\Quarantine\C\Documents and Settings\SANTO\Desktop\
1.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034465.lnk
1.9s C:\AdwCleaner\Quarantine\C\WINDOWS\Tasks\
26.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034466.ini


Suspicious files ____________________________________________________________

C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Size . . . . . . . : 6.427.008 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:33:53)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 230EBDC16D8E8EDC4421224450210159DEE2D5FC89AF8A21AA76308641AD0A07
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.15.1.4270
Copyright . . . . : Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-8.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\
-8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
-8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
-8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
-8.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
-8.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe
-0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe

C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Size . . . . . . . : 6.427.008 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:33:45)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 230EBDC16D8E8EDC4421224450210159DEE2D5FC89AF8A21AA76308641AD0A07
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.15.1.4270
Copyright . . . . : Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Forensic Cluster
-0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.511\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe
8.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\
8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
8.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.194\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe

C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Size . . . . . . . : 6.427.008 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:23:33)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 230EBDC16D8E8EDC4421224450210159DEE2D5FC89AF8A21AA76308641AD0A07
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.15.1.4270
Copyright . . . . : Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Forensic Cluster
-0.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\
-0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.732\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe

C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Size . . . . . . . : 6.427.008 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:23:14)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 230EBDC16D8E8EDC4421224450210159DEE2D5FC89AF8A21AA76308641AD0A07
Product . . . . . : SpyHunter4
Publisher . . . . : Enigma Software Group USA, LLC.
Description . . . : SpyHunter4 application
Version . . . . . : 4.15.1.4270
Copyright . . . . : Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\SANTO\IMPOST~1\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
Forensic Cluster
-0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\
-0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\
-0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\
0.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe
0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Readme.txt
0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\Rar$EXa0.764\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\spyhunterS4.exe

C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033267.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:39:42)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-69.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CAE6WUU3
-68.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\wbk240.tmp
-68.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CAM89UOF
-68.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\wbk242.tmp
-68.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CAPGSPS7
-68.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\wbk245.tmp
-68.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CAQ2R73M
-68.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\wbk247.tmp
-68.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CAR5NR02
-68.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CA4IGD5E
-68.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\wbk249.tmp
-68.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\wbk24B.tmp
-68.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CATIIHRV
-68.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\wbk24D.tmp
-68.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CAOZ14V8
-64.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CAK4VM64
-61.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\CAY0ZCV4
-61.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\italianartcafe[1].jpg
-61.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\spedizione[1].jpg
-60.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\espresso[1].jpg
-60.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\v3[1].png
-60.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\dem_artcafev2_04[1].jpg
-60.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\wp_logo_dem[1].gif
-60.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\macchina[1].jpg
-60.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\prezzo[1].jpg
-60.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\acquistasubito[1].jpg
-60.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\incluse[1].jpg
-60.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\testo_2[1].jpg
-60.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\seguici[1].jpg
-60.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\pagamenti[1].jpg
-60.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\sconto[1].jpg
-58.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\[1]
-38.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\MaxtorX6L200M0_L41VTN7G[3].htm
-33.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\BannerServer[1]
-33.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\trustBanner[1].js
-32.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\js[1]
-32.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\ca[1].htm
-31.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\setAdImpData[1].js
-31.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\d5d55fa53e395133e03ec5187e7de9af[1].jpg
-31.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\ANX_async_usersync[1].js
-31.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\creative[2].jsonp
-30.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\i[1].txt
-29.8s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\chrome-48[1].png
-29.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\nav_logo80[1].png
-29.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\logo9w[1].png
-29.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\rs=AItRSTMshz5YsCL6mqjNnhXV39hxU0vwuw[1]
-29.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\favicon[2].ico
-29.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\nav_logo176[1].png
-29.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\sem_0811d504065eed7057d7047ed460672a[1].js
-28.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\match.min.20120213[1].js
-26.9s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\loading[1].gif
-26.5s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\sf_allenby[1].js
-26.0s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\plugin_w[1].htm
-25.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\8FBQ73ZN\noise[1].png
-25.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\closeBtn[1].png
-12.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033265.MSI
-4.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033285.msi
-4.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033266.MST
-4.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZB04T96\1378046917[1].htm
-4.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033286.mst
-2.7s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\votes-resume[1]
-2.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\comments[1]
-0.4s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\7463a8.mst
-0.2s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\chart[1].png
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033267.dll
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033268.dll
0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033269.dll
1.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033278.dll
1.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033270.dll
1.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033271.dll
1.6s C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\2D61WT0J\extension[3].js
1.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033272.dll
1.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033273.dll
16.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\A0033274.ini
18.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\
18.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\rp.log
18.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\
18.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
18.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
18.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
18.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
18.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
18.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1202660629-1580436667-839522115-1003
19.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1202660629-1580436667-839522115-1003
19.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_USER_.DEFAULT
19.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_MACHINE_SECURITY
19.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_MACHINE_SOFTWARE
20.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_MACHINE_SYSTEM
21.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\_REGISTRY_MACHINE_SAM
21.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\ComDb.Dat
21.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\domain.txt
21.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\drivetable.txt
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\$WinMgmt.CFG
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\change.log.1
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\change.log.4
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\change.log.2
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\change.log.3
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\change.log
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\FS\
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\FS\INDEX.BTR
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\FS\INDEX.MAP
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\FS\MAPPING.VER
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\FS\MAPPING1.MAP
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\FS\MAPPING2.MAP
21.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\FS\OBJECTS.DATA
22.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\snapshot\Repository\FS\OBJECTS.MAP
22.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\RestorePointSize
24.1s C:\Programmi\Enigma Software Group\SpyHunter\
24.1s C:\sh4ldr\
24.1s C:\Programmi\Enigma Software Group\SpyHunter\ExecutionGuard.dll
24.1s C:\Programmi\Enigma Software Group\SpyHunter\SpyHunter4.exe
24.3s C:\Programmi\Enigma Software Group\SpyHunter\Common.dll
24.3s C:\Programmi\Enigma Software Group\SpyHunter\SHDS.mht
24.3s C:\Programmi\Enigma Software Group\SpyHunter\ShScanner.dll
24.4s C:\Programmi\Enigma Software Group\SpyHunter\ESGRKCHK.exe
24.4s C:\Programmi\Enigma Software Group\SpyHunter\SH4Service.exe
24.4s C:\Programmi\Enigma Software Group\SpyHunter\Defman.dll
24.5s C:\Programmi\Enigma Software Group\SpyHunter\Defs\
26.1s C:\sh4ldr\vmlinuz
26.1s C:\sh4ldr\initrd.gz
26.2s C:\sh4ldr\shldr
26.2s C:\Programmi\Enigma Software Group\SpyHunter\English.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\native.exe
26.3s C:\Programmi\Enigma Software Group\SpyHunter\license.txt
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Dutch.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Danish.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\German.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\French.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Portuguese.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Norwegian.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Spanish.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Italian.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\purl.dat
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Swedish.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Lithuanian.lng
26.3s C:\Programmi\Enigma Software Group\SpyHunter\Czech.lng
26.4s C:\WINDOWS\system32\ESGScanner.sys
26.4s C:\WINDOWS\system32\EsgScanner.inf
26.4s C:\Programmi\Enigma Software Group\SpyHunter\Finnish.lng
26.4s C:\Programmi\Enigma Software Group\SpyHunter\Russian.lng
26.4s C:\sh4ldr\shldr.mbr
26.4s C:\Programmi\Enigma Software Group\SpyHunter\esgiguard.sys
26.4s C:\Documents and Settings\SANTO\Menu Avvio\Programmi\SpyHunter\
26.7s C:\Documents and Settings\SANTO\Menu Avvio\Programmi\SpyHunter\Uninstall SpyHunter.lnk
26.8s C:\Documents and Settings\SANTO\Menu Avvio\Programmi\SpyHunter\SpyHunter.lnk
26.8s C:\Documents and Settings\SANTO\Desktop\SpyHunter.lnk
26.9s C:\Documents and Settings\SANTO\Menu Avvio\Programmi\SpyHunter\SpyHunter Emergency Startup.lnk
27.1s C:\WINDOWS\Installer\6ae52b.msi
28.0s C:\Documents and Settings\SANTO\Dati applicazioni\Microsoft\Installer\
28.0s C:\Documents and Settings\SANTO\Dati applicazioni\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\
28.0s C:\Documents and Settings\SANTO\Dati applicazioni\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
28.0s C:\Documents and Settings\SANTO\Dati applicazioni\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
28.0s C:\Documents and Settings\SANTO\Dati applicazioni\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
28.0s C:\Documents and Settings\SANTO\Dati applicazioni\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MST
34.5s C:\Programmi\Enigma Software Group\SpyHunter\SH4.com
34.8s C:\Programmi\Enigma Software Group\SpyHunter\INSTALL.LOG
59.0s C:\Programmi\Enigma Software Group\SpyHunter\Log\
59.0s C:\Programmi\Enigma Software Group\SpyHunter\Log\SpyHunter4_20140401_184041.log
62.7s C:\Programmi\Enigma Software Group\SpyHunter\mon\
62.7s C:\Programmi\Enigma Software Group\SpyHunter\mon\hosts.bk
62.8s C:\Programmi\Enigma Software Group\SpyHunter\mon\system.ini.bk
62.8s C:\Programmi\Enigma Software Group\SpyHunter\mon\win.ini.bk
62.8s C:\Programmi\Enigma Software Group\SpyHunter\mon\autoexec.bat.bk
65.1s C:\Programmi\Enigma Software Group\SpyHunter\Data\
65.1s C:\Programmi\Enigma Software Group\SpyHunter\Data\dns.dat

C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033275.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:29:51)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033275.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033276.dll
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033281.dll
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033279.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033280.exe
0.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033282.exe
0.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033283.dll
0.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033277.exe
3.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033312.sys

C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033172.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 17:28:07)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-20.3s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MSI
-14.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033181.msi
-14.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033181.msi
-14.6s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MST
-14.6s C:\Programmi\File comuni\Wise Installation Wizard\WISAF54923662584AC6A0435B5B89C6EB61_4_17_6_4336.MST
-14.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033182.mst
-1.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\32c263.mst
-1.1s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\32c263.mst
0.0s C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP\
0.0s C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP\
0.0s C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP\
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033172.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033173.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033177.dll
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033175.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033176.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033176.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033178.exe
0.1s C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla21.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033174.exe
29.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033179.ini
29.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033179.ini
29.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033179.ini
29.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033179.ini
29.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033179.ini
29.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033179.ini
29.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033179.ini
34.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\
34.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\rp.log
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\
34.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
35.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\change.log.1
35.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033170.ini
36.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
36.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
37.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
37.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1202660629-1580436667-839522115-1003
40.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1202660629-1580436667-839522115-1003
41.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_USER_.DEFAULT
41.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_MACHINE_SECURITY
42.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\snapshot\_REGISTRY_MACHINE_SOFTWARE

C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033236.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:29:08)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-5.6s C:\Programmi\File comuni\Wise Installation Wizard\WISDB847E94446B49E0AC5DC5627EC8B0C0_4_15_1_4270.MSI
-4.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033245.msi
-4.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033251.mst
-4.0s C:\Programmi\File comuni\Wise Installation Wizard\WISDB847E94446B49E0AC5DC5627EC8B0C0_4_15_1_4270.MST
-0.3s C:\Documents and Settings\SANTO\Impostazioni locali\Temp\6ab93b.mst
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033236.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033237.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033241.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033239.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033240.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033242.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033244.exe
0.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\A0033238.exe

C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCall.dll
Size . . . . . . . : 27.499 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:36:54)
Entropy . . . . . : 6.1
SHA-256 . . . . . : A597940DFFD85AB8FC94C19DD4E23D96F170D4F48A72EAA6E7677086E8BC66E0
Publisher . . . . : Altiris
Description . . . : WiseDll.dll
Version . . . . . : 7.03.0.250
Copyright . . . . : (c) Altiris All rights reserved.
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-4.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\
-4.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\rp.log
-4.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\
-4.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
-4.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
-4.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
-4.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
-4.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
-4.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1202660629-1580436667-839522115-1003
-4.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1202660629-1580436667-839522115-1003
-4.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_USER_.DEFAULT
-3.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_MACHINE_SECURITY
-3.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_MACHINE_SOFTWARE
-2.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_MACHINE_SYSTEM
-2.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\_REGISTRY_MACHINE_SAM
-2.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\ComDb.Dat
-2.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\domain.txt
-2.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP98\drivetable.txt
-2.2s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\
-2.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\$WinMgmt.CFG
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\INDEX.BTR
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\INDEX.MAP
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\MAPPING.VER
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\MAPPING1.MAP
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\MAPPING2.MAP
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\OBJECTS.DATA
-1.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\snapshot\Repository\FS\OBJECTS.MAP
-1.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\RestorePointSize
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\change.log.1
0.0s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCall.dll
0.0s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla.dll
0.1s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla2.dll
0.1s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla18.dll
0.1s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla19.dll
0.2s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla20.dll
0.2s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla21.exe
0.3s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseCustomCalla17.dll
10.6s C:\WINDOWS\DB847E94446B49E0AC5DC5627EC8B0C0.TMP\WiseData.ini
11.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\
11.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\rp.log
11.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\
11.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
11.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
11.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
11.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
11.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
11.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1202660629-1580436667-839522115-1003
11.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1202660629-1580436667-839522115-1003
12.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_USER_.DEFAULT
12.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_MACHINE_SECURITY
12.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_MACHINE_SOFTWARE
13.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_MACHINE_SYSTEM
13.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\_REGISTRY_MACHINE_SAM
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\ComDb.Dat
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\domain.txt
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP99\drivetable.txt
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\$WinMgmt.CFG
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\change.log.1
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\
13.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\INDEX.BTR
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\INDEX.MAP
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\MAPPING.VER
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\MAPPING1.MAP
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\MAPPING2.MAP
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\OBJECTS.DATA
13.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\snapshot\Repository\FS\OBJECTS.MAP
14.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP100\RestorePointSize


Malware remnants ____________________________________________________________

C:\Programmi\Jotzey\ (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\ (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\BrowserAdapterS.7z (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\FilterApp_C(2)(3).exe (Jotzey) -> Deleted
Size . . . . . . . : 238.872 bytes
Age . . . . . . . : 4.0 days (2014-03-29 17:45:20)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 6071433A04C9DD33CEAC0FC2306EB867F71A5B7C25537FDC7012576E94E5FA74
Product . . . . . : StLib
Publisher . . . . : StLib.com
Description . . . : StLibs
Version . . . . . : 1.1.1.0
Copyright . . . . : Copyright (C) StLib.com 2013
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -7.0
Forensic Cluster
-19.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032998.dll
-19.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032997.dll
-19.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032996.dll
-19.1s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032995.dll
-19.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032994.dll
-7.2s C:\WINDOWS\Temp\tmp4B.tmp
-7.2s C:\WINDOWS\Temp\tmp4C.tmp
-6.7s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031766.exe
-0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032993.sys
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033101.exe
0.0s C:\Programmi\Jotzey\bin\FilterApp_C(2)(3).exe

C:\Programmi\Jotzey\bin\FilterApp_C.exe (Jotzey) -> Deleted
Size . . . . . . . : 238.872 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:05:26)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 6071433A04C9DD33CEAC0FC2306EB867F71A5B7C25537FDC7012576E94E5FA74
Product . . . . . : StLib
Publisher . . . . : StLib.com
Description . . . : StLibs
Version . . . . . : 1.1.1.0
Copyright . . . . : Copyright (C) StLib.com 2013
RSA Key Size . . . : 2048
Parent Name . . . : C:\Programmi\Jotzey\bin\utilJotzey.exe
Authenticode . . . : Valid
Running processes : 3832
Fuzzy . . . . . . : -5.0
Forensic Cluster
-2.5s C:\Documents and Settings\SANTO\Cookies\santo@search.conduit[2].txt
-0.1s C:\WINDOWS\system32\drivers\tStLibG.sys
0.0s C:\Programmi\Jotzey\bin\FilterApp_C.exe
2.7s C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Microsoft\Internet Explorer\Recovery\Active\{7146F038-B9B7-11E3-8DB5-00508D7F8E11}.dat

C:\Programmi\Jotzey\bin\plugins\ (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll (Jotzey) -> Deleted
Size . . . . . . . : 79.640 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:51)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 2512BD177A2BD11DCD4659457DCB0D2BCAD17007AD136EB5ADC433410A3C9403
Description . . . :
Version . . . . . : 1.0.5196.21749
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -4.0
Forensic Cluster
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
4.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
4.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
4.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
4.5s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll

C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll (Jotzey) -> Deleted
Size . . . . . . . : 761.624 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:56)
Entropy . . . . . : 7.9
SHA-256 . . . . . : BDC175731F128A1A25FE14E198A763F0ABE80EEF2AC3D3CE9C950AD73DBAA7A8
Description . . . :
Version . . . . . : 1.0.5200.28738
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 4.0
Forensic Cluster
-4.5s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
-0.5s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
-0.3s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
-0.3s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll

C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll (Jotzey) -> Deleted
Size . . . . . . . : 57.624 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:55)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 9CFBB1CA3C94EF2B27B5D90E2331E263AF5D5A2AF43B2EE4E4B9032028859875
Description . . . :
Version . . . . . : 1.0.5197.24595
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -4.0
Forensic Cluster
-4.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
0.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.5s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll

C:\Programmi\Jotzey\bin\plugins\Jotzey.FFUpdate.dll (Jotzey) -> Deleted
Size . . . . . . . : 459.544 bytes
Age . . . . . . . : 24.9 days (2014-03-08 21:38:40)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 615313A706AD380551CA7AA357B2B4BDE4E7ED05039BED8242AC1775CEE04915
Description . . . :
Version . . . . . : 1.0.5182.28943
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 2.0
Forensic Cluster
-0.0s C:\Programmi\Jotzey\bin\plugins\
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.FFUpdate.dll

C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll (Jotzey) -> Deleted
Size . . . . . . . : 544.536 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:56)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 36F4C6774D2B5D7B07B29E53A0665352734D2D09939B7D167302BF848713F906
Description . . . :
Version . . . . . : 1.0.5197.30564
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 4.0
Forensic Cluster
-4.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
-0.2s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
0.3s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll

C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll (Jotzey) -> Deleted
Size . . . . . . . : 763.160 bytes
Age . . . . . . . : 1.0 days (2014-04-01 18:04:57)
Entropy . . . . . : 7.8
SHA-256 . . . . . : EBFD290E21F06AAFC0BF9A177CDB6083B6AB4B5246A8683609D573419A702A11
Description . . . :
Version . . . . . : 1.0.5200.29277
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 4.0
Forensic Cluster
-5.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.Bromon.dll
-1.1s C:\Programmi\Jotzey\bin\plugins\Jotzey.CompatibilityChecker.dll
-0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
-0.9s C:\Programmi\Jotzey\bin\plugins\Jotzey.IEUpdate.dll
-0.6s C:\Programmi\Jotzey\bin\plugins\Jotzey.BrowserAdapterS.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll
0.0s C:\Programmi\Jotzey\bin\plugins\Jotzey.PurBrowseG.dll

C:\Programmi\Jotzey\bin\utilJotzey(2)(2).exe (Jotzey) -> Deleted
Size . . . . . . . : 348.440 bytes
Age . . . . . . . : 24.9 days (2014-03-08 21:08:31)
Entropy . . . . . : 6.1
SHA-256 . . . . . : DA2AC6E0215609D332A9903D09B4CA754F2A6CA57BB4567DCF46D393C56C97AA
Description . . . :
Version . . . . . : 1.0.5200.26592
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -6.0
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031701.exe
0.0s C:\Programmi\Jotzey\bin\utilJotzey.exe
0.0s C:\Programmi\Jotzey\bin\
0.0s C:\Programmi\Jotzey\bin\utilJotzey(2)(2).exe
1.8s C:\Programmi\Jotzey\bin\utilJotzey.InstallState

C:\Programmi\Jotzey\bin\utilJotzey.exe (Jotzey) -> Deleted
Size . . . . . . . : 350.488 bytes
Age . . . . . . . : 24.9 days (2014-03-08 21:08:31)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 20ABE0A7D3BB7A9299170295B46BFB75E7DA65DD3E7F1DDA82739D488674CB79
Description . . . :
Version . . . . . : 1.0.5204.19343
Copyright . . . . :
RSA Key Size . . . : 2048
Service . . . . . : Util Jotzey
Parent Name . . . : C:\WINDOWS\system32\services.exe
Authenticode . . . : Valid
Running processes : 3236
Fuzzy . . . . . . : -7.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Util Jotzey\
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031701.exe
0.0s C:\Programmi\Jotzey\bin\utilJotzey.exe
0.0s C:\Programmi\Jotzey\bin\
0.0s C:\Programmi\Jotzey\bin\utilJotzey(2)(2).exe
1.8s C:\Programmi\Jotzey\bin\utilJotzey.InstallState

C:\Programmi\Jotzey\bin\utilJotzey.InstallState (Jotzey) -> Deleted
C:\Programmi\Jotzey\bin\XTLS.dll (Jotzey) -> Deleted
Size . . . . . . . : 292.632 bytes
Age . . . . . . . : 4.3 days (2014-03-29 10:22:57)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 2BFD832640790855C4B34D31D3C5D5805644A0572A3820D82289A543A0A9864D
Product . . . . . : XVRNT
Publisher . . . . : TODO: <Company name>
Description . . . : TODO: <File description>
Version . . . . . : 2.0.0.6
Copyright . . . . : TODO: (c) <Company name>. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -2.0
Forensic Cluster
-7.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031644.dll
-7.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031643.dll
-7.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031642.dll
-5.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031641.dll
-5.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031640.dll
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031639.sys
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033112.exe
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031699.exe
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033116.exe
-0.5s C:\Programmi\Jotzey\bin\BrowserAdapterS.7z
-0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031638.exe
-0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033075.exe
-0.5s C:\Programmi\Jotzey\bin\7za.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031912.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031913.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031914.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031935.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031767.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031768.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031769.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031576.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031577.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031578.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031588.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031589.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031590.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031600.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031601.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031602.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032001.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031613.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031614.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031615.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032374.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032027.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032002.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032003.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032028.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032012.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032013.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032014.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032029.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031936.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032375.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032549.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032550.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031937.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031937.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033212.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031983.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031984.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032376.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032552.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032552.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033214.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033214.dll
0.0s C:\Programmi\Jotzey\bin\XTLSApp.exe
0.0s C:\Programmi\Jotzey\bin\XTLS.dll
0.0s C:\Programmi\Jotzey\bin\XTLSApp.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033294.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033295.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033296.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034345.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034346.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034347.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033334.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033335.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033336.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034474.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034306.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034307.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034308.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034475.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034476.dll
0.3s C:\WINDOWS\Temp\Temporary Internet Files\
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\
0.4s C:\WINDOWS\Temp\Cookies\
0.4s C:\WINDOWS\Temp\Cookies\index.dat
0.4s C:\WINDOWS\Temp\History\
0.4s C:\WINDOWS\Temp\History\History.IE5\
0.4s C:\WINDOWS\Temp\History\History.IE5\index.dat
0.4s C:\WINDOWS\Temp\History\History.IE5\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B14VUB2B\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B14VUB2B\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Z1S1D1B\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Z1S1D1B\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KWEMJFQF\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KWEMJFQF\desktop.ini
0.8s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\xvrnt[1].srf
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\index.dat
0.9s C:\Documents and Settings\LocalService\Preferiti\
0.9s C:\Documents and Settings\LocalService\Preferiti\Desktop.ini

C:\Programmi\Jotzey\bin\XTLSApp.dll (Jotzey) -> Deleted
Size . . . . . . . : 179.480 bytes
Age . . . . . . . : 4.3 days (2014-03-29 10:22:57)
Entropy . . . . . : 6.6
SHA-256 . . . . . : BCB316D6EAF30D0247091389750C77155F799F65CC455FCBB3172B25B3D00525
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -1.0
Forensic Cluster
-7.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031644.dll
-7.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031643.dll
-7.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031642.dll
-5.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031641.dll
-5.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031640.dll
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031639.sys
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033112.exe
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031699.exe
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033116.exe
-0.5s C:\Programmi\Jotzey\bin\BrowserAdapterS.7z
-0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031638.exe
-0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033075.exe
-0.5s C:\Programmi\Jotzey\bin\7za.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031912.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031913.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031914.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031935.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031767.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031768.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031769.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031576.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031577.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031578.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031588.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031589.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031590.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031600.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031601.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031602.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032001.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031613.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031614.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031615.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032374.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032027.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032002.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032003.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032028.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032012.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032013.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032014.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032029.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031936.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032375.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032549.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032550.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031937.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031937.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033212.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031983.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031984.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032376.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032552.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032552.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033214.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033214.dll
0.0s C:\Programmi\Jotzey\bin\XTLSApp.exe
0.0s C:\Programmi\Jotzey\bin\XTLS.dll
0.0s C:\Programmi\Jotzey\bin\XTLSApp.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033294.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033295.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033296.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034345.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034346.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034347.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033334.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033335.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033336.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034474.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034306.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034307.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034308.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034475.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034476.dll
0.3s C:\WINDOWS\Temp\Temporary Internet Files\
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\
0.4s C:\WINDOWS\Temp\Cookies\
0.4s C:\WINDOWS\Temp\Cookies\index.dat
0.4s C:\WINDOWS\Temp\History\
0.4s C:\WINDOWS\Temp\History\History.IE5\
0.4s C:\WINDOWS\Temp\History\History.IE5\index.dat
0.4s C:\WINDOWS\Temp\History\History.IE5\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B14VUB2B\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B14VUB2B\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Z1S1D1B\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Z1S1D1B\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KWEMJFQF\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KWEMJFQF\desktop.ini
0.8s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\xvrnt[1].srf
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\index.dat
0.9s C:\Documents and Settings\LocalService\Preferiti\
0.9s C:\Documents and Settings\LocalService\Preferiti\Desktop.ini

C:\Programmi\Jotzey\bin\XTLSApp.exe (Jotzey) -> Deleted
Size . . . . . . . : 78.616 bytes
Age . . . . . . . : 4.3 days (2014-03-29 10:22:57)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 2C6480B4340A561B535CC207C807C23A3D478C8B0B450BC5EE83D30481C3C923
RSA Key Size . . . : 2048
Parent Name . . . : C:\Programmi\Jotzey\bin\utilJotzey.exe
Authenticode . . . : Valid
Running processes : 404
Fuzzy . . . . . . : 1.0
Forensic Cluster
-7.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031644.dll
-7.6s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031643.dll
-7.4s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031642.dll
-5.8s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031641.dll
-5.3s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031640.dll
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031639.sys
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033112.exe
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031699.exe
-2.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033116.exe
-0.5s C:\Programmi\Jotzey\bin\BrowserAdapterS.7z
-0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031638.exe
-0.5s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033075.exe
-0.5s C:\Programmi\Jotzey\bin\7za.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031912.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031913.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031914.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031935.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031767.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031768.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP84\A0031769.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031576.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031577.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031578.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031588.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031589.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031590.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031600.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031601.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031602.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032001.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031613.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031614.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP83\A0031615.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032374.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032027.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032002.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032003.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032028.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032012.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032013.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032014.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032029.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031936.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032375.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032549.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032550.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031937.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP90\A0031937.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033212.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031983.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031984.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0031985.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033213.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP92\A0032376.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032552.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0032552.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033214.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP96\A0033214.dll
0.0s C:\Programmi\Jotzey\bin\XTLSApp.exe
0.0s C:\Programmi\Jotzey\bin\XTLS.dll
0.0s C:\Programmi\Jotzey\bin\XTLSApp.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033294.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033295.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033296.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034345.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034346.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034347.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033334.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033335.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0033336.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034474.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034306.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034307.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034308.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034475.dll
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP101\A0034476.dll
0.3s C:\WINDOWS\Temp\Temporary Internet Files\
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
0.3s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\
0.4s C:\WINDOWS\Temp\Cookies\
0.4s C:\WINDOWS\Temp\Cookies\index.dat
0.4s C:\WINDOWS\Temp\History\
0.4s C:\WINDOWS\Temp\History\History.IE5\
0.4s C:\WINDOWS\Temp\History\History.IE5\index.dat
0.4s C:\WINDOWS\Temp\History\History.IE5\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B14VUB2B\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B14VUB2B\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Z1S1D1B\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1Z1S1D1B\desktop.ini
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KWEMJFQF\
0.4s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KWEMJFQF\desktop.ini
0.8s C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H2D4GG0L\xvrnt[1].srf
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\
0.9s C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012014032920140330\index.dat
0.9s C:\Documents and Settings\LocalService\Preferiti\
0.9s C:\Documents and Settings\LocalService\Preferiti\Desktop.ini

C:\Programmi\Jotzey\Jotzey.ico (Jotzey) -> Deleted
C:\Programmi\Jotzey\JotzeyUninstall.exe (Jotzey) -> Deleted
Size . . . . . . . : 240.929 bytes
Age . . . . . . . : 25.0 days (2014-03-08 18:53:07)
Entropy . . . . . : 7.9
SHA-256 . . . . . : B8575E1A622E5C11F8124E46427632A5CF841943FE8423CA55EB8DB7E3029F3D
Fuzzy . . . . . . : 8.0
Forensic Cluster
-8.9s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP86\A0031799.lnk
-6.5s C:\Programmi\Jotzey\
-4.6s C:\Programmi\Jotzey\JotzeyBHO.dll
-2.7s C:\Programmi\Jotzey\updateJotzey.InstallState
0.0s C:\Programmi\Jotzey\Jotzey.ico
0.0s C:\Programmi\Jotzey\JotzeyUninstall.exe

C:\Programmi\Jotzey\updateJotzey(2)(3).exe (Jotzey) -> Deleted
Size . . . . . . . : 348.440 bytes
Age . . . . . . . : 25.9 days (2014-03-07 21:30:38)
Entropy . . . . . : 6.1
SHA-256 . . . . . : DA2AC6E0215609D332A9903D09B4CA754F2A6CA57BB4567DCF46D393C56C97AA
Description . . . :
Version . . . . . : 1.0.5200.26592
Copyright . . . . :
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -6.0
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033100.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031552.exe
0.0s C:\Programmi\Jotzey\updateJotzey(2)(3).exe
0.0s C:\Programmi\Jotzey\updateJotzey.exe

C:\Programmi\Jotzey\updateJotzey.exe (Jotzey) -> Deleted
Size . . . . . . . : 348.440 bytes
Age . . . . . . . : 25.9 days (2014-03-07 21:30:38)
Entropy . . . . . : 6.1
SHA-256 . . . . . : DA2AC6E0215609D332A9903D09B4CA754F2A6CA57BB4567DCF46D393C56C97AA
Description . . . :
Version . . . . . : 1.0.5200.26592
Copyright . . . . :
RSA Key Size . . . : 2048
Service . . . . . : Update Jotzey
Parent Name . . . : C:\WINDOWS\system32\services.exe
Authenticode . . . : Valid
Running processes : 2352
Fuzzy . . . . . . : -7.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Update Jotzey\
Forensic Cluster
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP93\A0033100.exe
0.0s C:\System Volume Information\_restore{AF8C1AB0-34EA-4C3F-83A5-36A70AEE5251}\RP82\A0031552.exe
0.0s C:\Programmi\Jotzey\updateJotzey(2)(3).exe
0.0s C:\Programmi\Jotzey\updateJotzey.exe

C:\Programmi\Jotzey\updateJotzey.InstallState (Jotzey) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}\ (Jotzey) -> Deleted
HKLM\SOFTWARE\Jotzey\ (Jotzey) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jotzey\ (Jotzey) -> Deleted
HKU\S-1-5-21-1202660629-1580436667-839522115-1003\Software\Jotzey\ (Jotzey) -> Deleted

Potential Unwanted Programs _________________________________________________

C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\newtabv3.crx (FTDownloader) -> Deleted
conduit.search
C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data

HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ (FTDownloader) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\ (FTDownloader) -> Deleted
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\IePluginService\ (FTDownloader) -> Deleted
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\Wpm\ (FTDownloader) -> Deleted
HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application\IePluginService\ (FTDownloader) -> Deleted
HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application\Wpm\ (FTDownloader) -> Deleted
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService\ (FTDownloader) -> PendingDelete
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm\ (FTDownloader) -> PendingDelete

Cookies _____________________________________________________________________

C:\Documents and Settings\SANTO\Cookies\santo@247realmedia[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@2o7[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@ad.360yield[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@ad.zanox[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@ads.ad4game[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@ads.creative-serving[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@ads.p161[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@ads.yahoo[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@adtechus[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@advertising[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@apmebf[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@atdmt[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@bs.serving-sys[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@casalemedia[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@content.yieldmanager[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@doubleclick[3].txt
C:\Documents and Settings\SANTO\Cookies\santo@eas8.emediate[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@exoclick[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@media6degrees[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@ru4[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@serving-sys[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@smartadserver[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@track.adform[1].txt
C:\Documents and Settings\SANTO\Cookies\santo@tribalfusion[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@vodafoneit.solution.weborama[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@vodafoneitsimple.solution.weborama[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@weborama[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@weboramaitdata.solution.weborama[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@weboramaitdatas2.solution.weborama[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@www.googleadservices[2].txt
C:\Documents and Settings\SANTO\Cookies\santo@www.googleadservices[3].txt
C:\Documents and Settings\SANTO\Cookies\santo@www.googleadservices[4].txt
C:\Documents and Settings\SANTO\Cookies\santo@www.googleadservices[5].txt
C:\Documents and Settings\SANTO\Cookies\santo@yadro[1].txt
C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:doubleclick.net

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19.00.28, on 02/04/2014
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
CHROME: 33.0.1750.154

Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVG\AVG2014\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\AVG\AVG2014\avgnsx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Real\RealPlayer\update\realsched.exe
C:\Programmi\AVG\AVG2014\avgui.exe
C:\Programmi\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Programmi\Lexmark 2200 Series\lxbvbmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqbam08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Programmi\RealNetworks\RealDownloader\recordingmanager.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\SANTO\Impostazioni locali\Temporary Internet Files\Content.IE5\MV8TVA8B\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_UI] "C:\Programmi\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Smart File Advisor] "C:\Programmi\Smart File Advisor\sfa.exe" /checkassoc
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SANTO\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E57BE96D-C2EB-4836-BF77-40941C89AE43}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7981 bytes