Omiga Plus Virus

Post by Cris »

Evening, everyone,
this evening I downloaded the SUMO update, DECLINING every other application. But when I opened the Chrome browser, apart from the considerable slowdown, it offered me the Omiga Plus page as the start page instead of my usual one.
I immediately ran a scan with Malwarebytes Anti-Malware and deleted all the malicious items it detected, and I ran a cleanup with AdwCleaner.
Searching online I read that I should remove the program, but I can't find it either as "Omiga" or as "Wsys Control" (one site said to look for this entry).
If anyone feels like taking a look, this is the AdwCleaner log:
# AdwCleaner v3.214 - Rapporto creato 30/06/2014 in 19:24:17
# Aggiornato 29/06/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : Cris - VALENTINA-PC
# In esecuzione da : C:\Users\Cris\Downloads\Download Chrome\adwcleaner_3.214.exe
# Opzione : Pulisci

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Eliminato : C:\Users\Cris\AppData\Roaming\SupTab
Cartella Eliminato : C:\Users\Cris\AppData\Roaming\VOPackage
Cartella Eliminato : C:\Users\Cris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Cartella Eliminato : C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
File Eliminato : C:\Windows\Tasks\SelectionTool_wd.job
File Eliminato : C:\Windows\System32\Tasks\SelectionTool_wd
File Eliminato : C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
File Eliminato : C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
File Eliminato : C:\Windows\Tasks\SpeedUpMyPC Startup.job
File Eliminato : C:\Windows\System32\Tasks\SpeedUpMyPC Startup

***** [ Collegamenti ] *****

Collegamento Disinfetatti : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Collegamento Disinfetatti : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Collegamento Disinfetatti : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Collegamento Disinfetatti : C:\Users\Cris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Collegamento Disinfetatti : C:\Users\Cris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Collegamento Disinfetatti : C:\Users\Cris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Collegamento Disinfetatti : C:\Users\Cris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk

***** [ Registro ] *****

Chiave Eliminati : HKLM\SOFTWARE\Classes\speedupmypc
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{607B689F-7600-45E4-B8E5-887F72DAB15C}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0D4A4BC-F7CD-436E-B1FA-25637BA0F5BE}
Chiave Eliminati : HKCU\Software\powerpack
Chiave Eliminati : HKLM\Software\Email Notifier
Chiave Eliminati : HKLM\Software\SupDp
Chiave Eliminati : HKLM\Software\SupTab
Chiave Eliminati : HKLM\Software\Uniblue
Chiave Eliminati : HKLM\Software\Wpm
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Eliminati [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404141975&from=sfpsnew1&uid=SAMSUNGXHM321HI_S26VJ9FB354962&q={searchTerms}
Eliminati [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

[ File : C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [5427 octets] - [30/06/2014 19:21:07]
AdwCleaner[S1].txt - [4679 octets] - [30/06/2014 19:24:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4739 octets] ##########
Thanks :ciao
Always! What a terrible word. When I hear it, it gives me the shivers. :fiu

Re: Omiga Plus Virus

Post by crazy.cat »

What do you still have left of this Omiga?
Let me remind you of this article https://turbolab.it/167

Paste logs into the thread, not on external sites, then hide them with the spoiler button.

Portable versions of SUMO also exist

Where did you download SUMO from?
Because I just tried installing it and it made no strange requests, nor do I have any Omiga Plus.
“If all the records told the same tale, then the lie became historical fact, and therefore true.”

Re: Omiga Plus Virus

Post by Cris »

crazy.cat wrote: What do you still have left of this Omiga?
I don't think anything is left.... although while I'm writing this message the keyboard and mouse sometimes do whatever they want!
Let me remind you of this article https://turbolab.it/167
read it! restored the IE and Chrome start pages - the Chrome extensions didn't look modified to me
Paste logs into the thread, not on external sites, then hide them with the spoiler button
ok..
Where did you download SUMO from?
from SUMO's own redirect site, although this page http://www.kcsoftwares.com/ did not actually open. I was checking for a software update and a dialog appeared saying I wasn't allowed to because SUMO was not up to date; it offered to download the latest version and I went ahead... it didn't make any strange requests, I installed the quick version (not the custom one); I remember three options to install were ticked, but I unticked them. Anyway, after the previous SUMO update too I had run Malwarebytes Anti-Malware; I don't know if it was a coincidence, but it had detected malicious items.
grrrrrrrrrr .... anyway I don't know if it's a problem on my end..... but while I'm writing here (I tried opening a Word document and have no problem) sometimes the cursor goes wherever it wants!! :mad:

Re: Omiga Plus Virus

Post by crazy.cat »

Try posting a HijackThis scan log so we can see whether anything strange is running on the PC.

Re: Omiga Plus Virus

Post by Cris »

here is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:57:41, on 01/07/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Bitdefender - C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Spooler di stampa (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
when I launched it, it gave me this message "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix this. If that happens you need to edit the file yourself.... etc. etc."

I can't post the image, nor upload it with postimage.org, since it tells me it can't find it.

Re: Omiga Plus Virus

Post by crazy.cat »

Have these two files analyzed on www.virustotal.com and let's see what they are
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe

Re: Omiga Plus Virus

Post by [Claudio] »

crazy.cat wrote: Have .... analyzed .... let's see what it is .....
Crazy, the file is clean ( SEE HERE ).
Cris wrote: from SUMO's own redirect site, although this page http://www.kcsoftwares.com/ did not actually open.
The site is correct and the problem is not SUMO.
Cris wrote: when I launched it, it gave me this message "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix this. If that happens you need to edit the file yourself.... etc. etc."
Right-click the HijackThis icon and choose RUN AS ADMINISTRATOR (that is how the tool should be run).

For now, download HITMANPRO.
1) run the software, click SETTINGS, and configure it as in the image:

Image

2) confirm with OK and click NEXT to start the scan (an active connection is required);
3) save the REPORT it produces and attach it.

Re: Omiga Plus Virus

Post by Cris »

crazy.cat wrote: Have these two files analyzed on http://www.virustotal.com and let's see what they are
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe
I didn't find these files ..... but the HijackThis log reports:
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
.... doesn't that mean it's missing? :s

[Claudio] wrote: For now, download HITMANPRO.
3) save the REPORT it produces and attach it.
here it is:
HitmanPro 3.7.9.220
http://www.hitmanpro.com

Computer name . . . . : VALENTINA-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Valentina-PC\Cris
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (Expired)

Scan date . . . . . . : 2014-07-01 21:11:44
Scan mode . . . . . . : Normal
Scan duration . . . . : 5m 8s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 1
Traces . . . . . . . : 28

Objects scanned . . . : 1.623.946
Files scanned . . . . : 23.422
Remnants scanned . . : 456.326 files / 1.144.198 keys

Malware _____________________________________________________________________

C:\Users\Valentina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7DXQGGFR\setup[1].exe
Size . . . . . . . : 208.352 bytes
Age . . . . . . . : 95.3 days (2014-03-28 14:09:14)
Entropy . . . . . : 7.9
SHA-256 . . . . . : E0FBC58D93C04968F7D3118301ECAB680D3039CA297F14C68CEEAC609D0CA051
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:Downloader.NSIS.Mazel.f
Fuzzy . . . . . . : 99.0


Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C5365B7-358F-402d-A440-F1270AEF1175}\ (MyStart)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2159D33-3CE2-401B-8967-1B270628A311}\ (MyStart)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Maintenance\ (SpeedUpMyPC)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Startup\ (SpeedUpMyPC)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2159D33-3CE2-401B-8967-1B270628A311}\ (MyStart)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TBNotifier_RASAPI32\ (AskBar)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TBNotifier_RASMANCS\ (AskBar)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASAPI32\ (Claro)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASMANCS\ (Claro)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)

Cookies _____________________________________________________________________

C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com

Re: Omiga Plus Virus

Post by crazy.cat »

Cris wrote: .... doesn't that mean it's missing? :s
Not necessarily; one of HijackThis's flaws is that it doesn't read services properly: if you look, practically all of your system files would be missing, they are all marked missing.
If they aren't there, so much the better.

Hitman found a few things in the registry, but all of them minor compared with any active malware.
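
Added example, not part of the original posts: a Python triage of the "(file missing)" service entries discussed above. It assumes the cause is WOW64 redirection, which makes a 32-bit tool such as HijackThis see `System32` as `SysWOW64` and expand `%ProgramFiles%` to `Program Files (x86)` on 64-bit Windows; the status names and the `ExampleSvc` entry are constructed for illustration.

```python
"""Triage 'file missing' O23 entries in a HijackThis log from 64-bit Windows."""
import re

# Excerpt of the HijackThis log posted earlier in this thread; the last entry
# (ExampleSvc) is constructed for illustration and is not from the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\SysWOW64\DllHost.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Example Updater (ExampleSvc) - Unknown owner - C:\ProgramData\Example\updater.exe (file missing)
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"


def is_64bit_host(log):
    """Infer 64-bit Windows from paths that only exist on 64-bit installs."""
    low = log.lower()
    return "\\syswow64\\" in low or "\\program files (x86)\\" in low


def parse_o23(line):
    """Split one O23 line into service name, owner, path and missing flag."""
    line = line.rstrip()
    if not line.startswith(PREFIX):
        return None
    rest = line[len(PREFIX):]
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)]
    # Fields are separated by " - "; split from the right because the
    # display name may itself contain hyphens (e.g. "Alg.exe,-112").
    parts = rest.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = parts
    # The short service name is the last parenthesised token, if any.
    m = re.search(r"\(([^()]+)\)\s*$", display)
    name = m.group(1) if m else display
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def classify(entry, host64):
    """Say how far the 'file missing' flag can be trusted for this entry."""
    if not entry["missing"]:
        return "present"
    path = entry["path"].lower()
    # A 32-bit scanner looking at System32 is shown SysWOW64 instead, so
    # native 64-bit binaries appear absent. Re-check with a 64-bit tool.
    if host64 and re.match(r"^[a-z]:\\windows\\system32\\", path):
        return "check-native-system32"
    # %ProgramFiles% expands to "Program Files (x86)" in a 32-bit process,
    # so the binary may really live under the native "Program Files".
    if host64 and re.match(r"^[a-z]:\\program files \(x86\)\\", path):
        return "check-native-programfiles"
    # No redirection explains this one: the file may truly be gone, which
    # is worth a look when the service is still registered.
    return "investigate"


def triage(log):
    """Map each service name in the log to its triage status."""
    host64 = is_64bit_host(log)
    result = {}
    for line in log.splitlines():
        entry = parse_o23(line)
        if entry:
            result[entry["name"]] = classify(entry, host64)
    return result


if __name__ == "__main__":
    for name, status in triage(SAMPLE_LOG).items():
        print(f"{status:28} {name}")
```

The two "check-native" statuses only mean the scanner's answer is unreliable for that path; they do not say the file is clean.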

Re: Omiga Plus Virus

Post by Cris »

Actually AdwCleaner didn't work properly in the third account (Valentina's), since I can't clean her Chrome browser of the famous Omiga Plus. I redid the cleanup (from her account) and reset the start page, but it ignores it; when I log in it always brings back the Omiga Plus start page....

Re: Omiga Plus Virus

Post by crazy.cat »

In the article I talk about a home page and a startup page for Chrome.
Did you change both?

Re: Omiga Plus Virus

Post by [Claudio] »

Cris wrote: Actually AdwCleaner didn't work properly in the third account (Valentina's), since I can't clean her Chrome browser of the famous Omiga Plus.
I redid the cleanup (from her account) and reset the start page, but it ignores it; when I log in it always brings back the Omiga Plus start page....
First of all, uninstall HitmanPro; it is useless for removal purposes because the 30-day trial license has expired.

And in any case that stuff detected by HitmanPro must be removed: is Malwarebytes (updated to the latest version) installed on the computer?

As for Chrome, for now:

1) open SETTINGS;

2) click MANAGE SEARCH ENGINES and remove everything you find, keeping only GOOGLE as the default;

3) check the EXTENSIONS (if you find strange extensions, uninstall them);

4) clear all BROWSING DATA.

Re: Omiga Plus Virus

Post by Cris »

[Claudio] wrote: And in any case that stuff detected by HitmanPro must be removed: is Malwarebytes (updated to the latest version) installed on the computer?
Malwarebytes is up to date, scan already done, several scans in fact. It removed something.
Then I ran the scan with HitmanPro again and it still detected everything it had detected before.
[Claudio] wrote: As for Chrome, for now:

1) open SETTINGS;

2) click MANAGE SEARCH ENGINES and remove everything you find, keeping only GOOGLE as the default;
already done, removed all the other search engines. I tried to set Google as the default (it was no longer the default) but I can't edit the URL; it offers Bing as the default...
[Claudio] wrote: 3) check the EXTENSIONS (if you find strange extensions, uninstall them);
there are no extensions in her account...
[Claudio] wrote: 4) clear all BROWSING DATA.
already done..

Re: Omiga Plus Virus

Post by [Claudio] »

Cris wrote: Malwarebytes is up to date, scan already done, several scans in fact. It removed something.
Attach the report, please.

Open Chrome's SETTINGS, scroll to the bottom of the page, click the SHOW ADVANCED SETTINGS link, scroll to the bottom of the page and click the RESET BROWSER SETTINGS button.

Re: Omiga Plus Virus

Post by Cris »

[Claudio] wrote: RESET BROWSER SETTINGS.
ok done! reset correctly ...for now
[Claudio] wrote: Malwarebytes ....Attach the report, please.
I'm attaching the last three I ran; I did one for each account...
this is the first one I ran, when I realized something was wrong
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Data scansione: 30/06/2014
Ora scansione: 17:41:32
File di log: 1 mlw.txt
Amministratore: Si

Versione: 2.00.2.1012
Database malware: v2014.06.30.08
Database rootkit: v2014.06.23.02
Licenza: Free
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Self-protection: Disattivata

SO: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
Utente: Cris

Tipo di scansione: Scansione elementi nocivi
Risultati: Completata
Elementi analizzati: 355181
Tempo impiegato: 16 min, 58 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Heuristics: Attivata
PUP: Attivata
PUM: Attivata

Processi: 2
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 4316, Elimina al riavvio, [5a90cab1f8831f17309f4945b24fef11]
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 5036, Elimina al riavvio, [d4165625116a45f19c607ae12fd2a759]

Moduli: 1
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Elimina al riavvio, [7575463566154fe727fca4e7b34e0bf5],

Chiavi di registro: 15
PUP.Optional.WPM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, Spostato in quarantena, [5a90cab1f8831f17309f4945b24fef11],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsMangerProtect, Spostato in quarantena, [5a90cab1f8831f17309f4945b24fef11],
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, Spostato in quarantena, [d4165625116a45f19c607ae12fd2a759],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Spostato in quarantena, [21c93c3fa7d4c5712fffb5980cf6c23e],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Spostato in quarantena, [21c93c3fa7d4c5712fffb5980cf6c23e],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Spostato in quarantena, [21c93c3fa7d4c5712fffb5980cf6c23e],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Spostato in quarantena, [21c93c3fa7d4c5712fffb5980cf6c23e],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Spostato in quarantena, [21c93c3fa7d4c5712fffb5980cf6c23e],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Spostato in quarantena, [21c93c3fa7d4c5712fffb5980cf6c23e],
PUP.Optional.Skytech.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\omiga-plus uninstaller, Spostato in quarantena, [84665526c4b71e18dd46abe0ca37f808],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Spostato in quarantena, [04e673080675a2942f5cc82c2fd47789],
PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware, Spostato in quarantena, [6981e19ac9b2142249bd37ca867ef907],
PUP.Optional.VNMToolbar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dghncoeocefmhkhiphdgikkamjeglbfh, Spostato in quarantena, [89617308e09b1d19ab047b327b87c739],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Spostato in quarantena, [a1492457bebd0432cebd777d5ea55ba5],
PUP.Optional.Qone8, HKU\S-1-5-21-3838763673-1115839168-2840729140-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Spostato in quarantena, [2cbea3d8344739fdb9d16391ba49fb05],

Valori di registro: 2
PUP.Optional.SupTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~2.DLL, Spostato in quarantena, [bf2b6219275483b3b359ddd1ee14d927]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~1.DLL, Spostato in quarantena, [36b44c2fb8c3d85eeb21694505fd57a9]

Dati di registro: 18

Cartelle: 100

File: 217
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, Spostato in quarantena, [99511b60b2c9ac8ab4ce7f500df55fa1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, Spostato in quarantena, [99511b60b2c9ac8ab4ce7f500df55fa1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, Spostato in quarantena, [99511b60b2c9ac8ab4ce7f500df55fa1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, Spostato in quarantena, [99511b60b2c9ac8ab4ce7f500df55fa1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, Spostato in quarantena, [99511b60b2c9ac8ab4ce7f500df55fa1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, Spostato in quarantena, [99511b60b2c9ac8ab4ce7f500df55fa1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, Spostato in quarantena, [99511b60b2c9ac8ab4ce7f500df55fa1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, Spostato in quarantena, [99511b60b2c9ac8ab4ce7f500df55fa1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, Spostato in quarantena, [99511b60b2c9ac8ab4ce7f500df55fa1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, Spostato in quarantena, [99511b60b2c9ac8ab4ce7f500df55fa1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, Spostato in quarantena, [99511b60b2c9ac8ab4ce7f500df55fa1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, Spostato in quarantena, [99511b60b2c9ac8ab4ce7f500df55fa1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, Spostato in quarantena, [99511b60b2c9ac8ab4ce7f500df55fa1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, Spostato in quarantena, [99511b60b2c9ac8ab4ce7f500df55fa1],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage, Spostato in quarantena, [87634d2e3c3f8da907e1d631ec189769],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal, Spostato in quarantena, [10da7308c9b2f93d0ddb22e5a75dd12f],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\background.html, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\index.html, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\jump.html, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\manifest.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\bookmarks\bookmarks.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\bookmarks\css\style.css, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\bookmarks\img\logo.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\bookmarks\img\searchButton.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\classification\classification.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\classification\css\style.css, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\classification\img\logo.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\classification\img\skin\del.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\classification\img\skin\main.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\classification\img\skin\selected.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\cloud\cloud.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\cloud\cloudApp.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\cloud\cloudWebsite.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\cloud\createWebsite.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\cloud\css\style.css, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\cloud\img\logo.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\cloud\img\skin\buttonBg.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\cloud\img\skin\categoryBg.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\cloud\img\skin\icons.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\cloud\img\skin\searchBg.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\cloud\img\skin\searchButton.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\cloud\img\skin\searchLeft.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\cloud\img\skin\selected.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\cloud\img\skin\tabsBg.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\dialog\img\skin\headerBg.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\extensions\extensions.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\extensions\css\style.css, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\extensions\img\logo.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\guide\guide.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\guide\css\style.css, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\lastVisited\lastVisited.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\lastVisited\css\style.css, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\lastVisited\img\logo.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\notice\notice.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\notice\css\style.css, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\search\search.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\search\css\style.css, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\search\img\logo.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\search\img\search.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\setup\setup.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\setup\css\style.css, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\setup\img\logo.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\setup\img\skin\dialBoxStyle.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\setup\img\skin\icons.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\shortcuts\img\oBookmarks.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\shortcuts\img\oDownloads.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\shortcuts\img\oExtensions.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\shortcuts\img\oHistory.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\shortcuts\img\oNewtab.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\skins\cloudWallpaper.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\skins\skins.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\skins\css\style.css, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\skins\img\logo.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\skins\img\skin\categoryBg.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\skins\img\skin\delete.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\skins\img\skin\download.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\skins\img\skin\icons.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\skins\img\skin\loading.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\weather\weather.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\weather\css\style.css, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\weather\img\logo.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\weather\img\skin\line.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\weather\img\skin\locationIcon.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\weather\img\skin\searchButton.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\app\weather\img\skin\weather.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\css\all.css, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\game.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\icon_128.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\icon_16.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\icon_48.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\shopping.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\weather.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\webstore.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\default.jpg, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\iconsprite.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\idialog_s.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\ios5_button.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\left.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\loading.gif, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\loading2.gif, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\qBoxBg.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\q_bg.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\q_bg0.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\q_left.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\q_left0.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\q_right.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\q_right0.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\right.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\selected.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\img\skin\titleBg.png, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\js\all.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\js\background.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\js\ga.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\js\jq.mobi.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\js\jump.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\js\pop.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\js\redirect.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\js\xagainit.js, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\de\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\en\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\es\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\es_419\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\fr\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\fr-BE\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\fr-CA\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\fr-CH\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\fr-LU\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\it\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\it-CH\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\ja\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\pl\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\pt_BR\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\pt_PT\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\ru\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\tr\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\vi\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\zh_CN\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_locales\zh_TW\messages.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.4.5_0\_metadata\verified_contents.json, Spostato in quarantena, [b931413aa3d81f17fd8c7e1d639f3cc4],
PUP.Optional.ISearch.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Preferences, Buono: (), Cattivo ( "homepage": "http://isearch.omiga-plus.com/?type=hp& ... J9FB354962",), Sostituito,[d8129ae1f3882313857fe6d631d3fe02]
PUP.Optional.ISearch.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Preferences, Buono: (), Cattivo ( "startup_urls": [ "http://isearch.omiga-plus.com/?type=hp& ... J9FB354962" ],), Sostituito,[40aa8cef1368a78fd0668636c044ce32]

Settori fisici: 0
(No malicious items detected)


(end)
this is the second one
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Data scansione: 01/07/2014
Ora scansione: 21:50:55
File di log: penultimo mlw.txt
Amministratore: Si

Versione: 2.00.2.1012
Database malware: v2014.07.01.07
Database rootkit: v2014.07.01.01
Licenza: Free
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Self-protection: Disattivata

SO: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
Utente: Michele

Tipo di scansione: Scansione elementi nocivi
Risultati: Completata
Elementi analizzati: 355625
Tempo impiegato: 20 min, 39 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Heuristics: Attivata
PUP: Attivata
PUM: Attivata

Processi: 0
(No malicious items detected)

Moduli: 0
(No malicious items detected)

Chiavi di registro: 1
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Spostato in quarantena, [f265b3e755264aec4c76000a19ebfc04],

Valori di registro: 0
(No malicious items detected)

Dati di registro: 0
(No malicious items detected)

Cartelle: 3
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Spostato in quarantena, [79deafebb1ca0333285f7c32d32f718f],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, Spostato in quarantena, [79deafebb1ca0333285f7c32d32f718f],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Spostato in quarantena, [79deafebb1ca0333285f7c32d32f718f],

File: 2
PUP.Optional.QuickStart.A, C:\Users\Cris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage, Spostato in quarantena, [ea6d44569ae12214fd7f9c6d72929070],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-06-30[17-27-15-535].log, Spostato in quarantena, [79deafebb1ca0333285f7c32d32f718f],

Settori fisici: 0
(No malicious items detected)


(end)
and this is the last one:
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Data scansione: 01/07/2014
Ora scansione: 22:38:42
File di log: ultimo log mlw.txt
Amministratore: No

Versione: 2.00.2.1012
Database malware: v2014.07.01.07
Database rootkit: v2014.07.01.01
Licenza: Free
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Self-protection: Disattivata

SO: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
Utente: Valentina

Tipo di scansione: Scansione elementi nocivi
Risultati: Completata
Elementi analizzati: 211891
Tempo impiegato: 11 min, 46 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Heuristics: Attivata
PUP: Attivata
PUM: Attivata

Processi: 0
(No malicious items detected)

Moduli: 0
(No malicious items detected)

Chiavi di registro: 0
(No malicious items detected)

Valori di registro: 0
(No malicious items detected)

Dati di registro: 0
(No malicious items detected)

Cartelle: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Settori fisici: 0
(No malicious items detected)


(end)
thanks
Always! What a terrible word. When I hear it, it gives me the shivers. :fiu
[Claudio]

Re: Omiga Plus Virus

Post by [Claudio] »

ok, done! reset correctly ...for now
C'est bien (if it lasts).

Repeat the Malwarebytes scans on the first two accounts (yours and Michele's) and attach the two new reports.
crazy.cat
Administrator
Posts: 12443
Joined: Wed May 01, 2013 4:02 pm
Location: Noventa Padovana

Re: Omiga Plus Virus

Post by crazy.cat »

Given the industrial quantity of junk found, I recommend you read this https://turbolab.it/303 and install the program to better protect that poor PC.
“If all the records told the same tale, then the lie became historical fact, and therefore true.”
Cris

Re: Omiga Plus Virus

Post by Cris »

[Claudio] wrote: Repeat the Malwarebytes scans on the first two accounts (yours and Michele's) and attach the two new reports.
here they are:
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Data scansione: 02/07/2014
Ora scansione: 18:50:49
File di log: log1.txt
Amministratore: Si

Versione: 2.00.2.1012
Database malware: v2014.07.02.05
Database rootkit: v2014.07.01.01
Licenza: Free
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Self-protection: Disattivata

SO: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
Utente: Cris

Tipo di scansione: Scansione elementi nocivi
Risultati: Completata
Elementi analizzati: 356380
Tempo impiegato: 18 min, 39 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Heuristics: Attivata
PUP: Attivata
PUM: Attivata

Processi: 0
(No malicious items detected)

Moduli: 0
(No malicious items detected)

Chiavi di registro: 0
(No malicious items detected)

Valori di registro: 0
(No malicious items detected)

Dati di registro: 0
(No malicious items detected)

Cartelle: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Settori fisici: 0
(No malicious items detected)


(end)
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Data scansione: 02/07/2014
Ora scansione: 19:12:02
File di log: log2.txt
Amministratore: Si

Versione: 2.00.2.1012
Database malware: v2014.07.02.05
Database rootkit: v2014.07.01.01
Licenza: Free
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Self-protection: Disattivata

SO: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
Utente: Michele

Tipo di scansione: Scansione elementi nocivi
Risultati: Completata
Elementi analizzati: 356380
Tempo impiegato: 17 min, 58 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Heuristics: Attivata
PUP: Attivata
PUM: Attivata

Processi: 0
(No malicious items detected)

Moduli: 0
(No malicious items detected)

Chiavi di registro: 0
(No malicious items detected)

Valori di registro: 0
(No malicious items detected)

Dati di registro: 0
(No malicious items detected)

Cartelle: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Settori fisici: 0
(No malicious items detected)


(end)
crazy.cat wrote: ....... that poor PC.
:aureola . :aureola . :aureola . (it's Claudio's fault for making me attach the reports..... :acch )

I'll read it later :grazie
[Claudio]

Re: Omiga Plus Virus

Post by [Claudio] »

Cris wrote: ..... it's Claudio's fault for making me attach the reports..... :acch )
Now we're there; the problem is solved ...... until next time.
crazy.cat wrote: Given the industrial quantity of junk found, I recommend you read this https://turbolab.it/303 and install the program to better protect that poor PC.
You won't believe it ..... but Cristina would manage to mess up the poor PC anyway.

Anyway .... better to read the article and install Unchecky :->
Cris

Re: Omiga Plus Virus

Post by Cris »

[Claudio] wrote: .... Cristina would manage to mess up the poor PC anyway.
Quote:
"I have instant emotional acceleration; I tend to take everything to extremes within seconds.
Women like me are scary, because either you know how to drive them or you crash into them."

thanks to both of you :approvo :approvo
(until next time....)
[Claudio]

Re: Omiga Plus Virus

Post by [Claudio] »

Cris wrote: Quote:
"I have instant emotional acceleration; I tend to take everything to extremes within seconds.
Women like me are scary, because either you know how to drive them or you crash into them."
"It's not that if you pull too hard, the rope snaps. The fact is that if you pull the rope too hard, I let go and you end up on your ass on the ground." (Quote, same author) :fiu
(until next time....)
:->
Cris

Omiga Plus Virus

Post by Cris »

...... I've taped my fingers together ...... :-)
... I think I'll install that program, so maybe the PC won't leave me on my butt on the ground .... :->
Cris

Re: Omiga Plus Virus

Post by Cris »

I'm back already..................

Last night I ran some tests; the only account that seems to work correctly is mine.
Both Michele's and Valentina's accounts immediately lose the browser (Chrome) settings; the Google search engine stays set, so that is the page that opens.
Also, from Valentina's account the first internet access works normally. If I close it and try to get back on, it doesn't respond.

@Claudio... you had said that
[Claudio] wrote: And anyway, that stuff detected by HitmanPro needs to be removed
we didn't remove it. Malwarebytes hadn't detected it.
:(
[Claudio]

Re: Omiga Plus Virus

Post by [Claudio] »

:muro

Reinstall HITMANPRO.
1) run the software, click on SETTINGS (IMPOSTAZIONI), and configure it as shown in the image:

[Image]

2) confirm with OK and click NEXT (AVANTI) to start the scan (an active connection is required);
3) save the report and attach it.
Cris

Re: Omiga Plus Virus

Post by Cris »

here it is...
HitmanPro 3.7.9.220
http://www.hitmanpro.com

Computer name . . . . : VALENTINA-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Valentina-PC\Cris
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (Expired)

Scan date . . . . . . : 2014-07-03 22:27:39
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 24s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 37

Objects scanned . . . : 1.618.890
Files scanned . . . . : 21.499
Remnants scanned . . : 453.104 files / 1.144.287 keys

Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C5365B7-358F-402d-A440-F1270AEF1175}\ (MyStart)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2159D33-3CE2-401B-8967-1B270628A311}\ (MyStart)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Maintenance\ (SpeedUpMyPC)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Startup\ (SpeedUpMyPC)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2159D33-3CE2-401B-8967-1B270628A311}\ (MyStart)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TBNotifier_RASAPI32\ (AskBar)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TBNotifier_RASMANCS\ (AskBar)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASAPI32\ (Claro)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASMANCS\ (Claro)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)

Cookies _____________________________________________________________________

C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:barilla.solution.weborama.fr
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:weborama.fr
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:weboramaitdata.solution.weborama.fr
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:weboramaitdatas3.solution.weborama.fr
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com