Avast WEBforum

Avast Products => Non-english zone => Italiano => Topic started by: giovannigiacomelli on February 17, 2015, 06:50:08 PM

Title: URL:Mal infection - svchost.exe
Post by: giovannigiacomelli on February 17, 2015, 06:50:08 PM
Hi,
I have already noticed that many people have the same problem as me...
Since yesterday, when I connect, Avast reports url:MAL infections located in the file svchost.exe; every time I reconnect, the number of threats detected and the URL change
(from a minimum of 2 to a maximum of 24).
The latest report is:
http://blackled.info/3232/BocaProc_142248366115460.dll

I have already tried running a scan, but it finds nothing.

For the moment the PC doesn't seem to have any problems; is there a way to resolve this?
Thanks in advance!!
Title: Re: URL:Mal infection - svchost.exe
Post by: giogio on February 17, 2015, 08:58:56 PM
Hi,
does it happen only when you have the browser open, or also when the browsers are closed?
Which browser do you use? Operating system? Avast version?
Try running a boot-time scan with avast and then run avast's Browser Cleanup.
Also run a full scan with MBAM free http://it.malwarebytes.org/mwb-download/?language=it
Then run a disk cleanup with CCleaner  http://www.piriform.com/ccleaner
Title: Re: URL:Mal infection - svchost.exe
Post by: giovannigiacomelli on February 18, 2015, 10:23:33 AM
It also happens with the browser closed, as soon as I turn on the Wi-Fi connection.
I use Google Chrome, the PC has Windows 8.1, and the Avast version is 150217-2.
I have already tried MBAM free, full scan: it found about fifty files (already quarantined), but it seemed to me that none
of them was related to svchost.exe.
I have also already done a scan with avast and a cleanup with CCleaner: at first fewer threats are detected, then it goes back to how it was before.
Title: Re: URL:Mal infection - svchost.exe
Post by: giogio on February 18, 2015, 10:51:05 AM
Hi
Try downloading Farbar Recovery Scan Tool and saving it to the desktop.
 http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both and try to run them. Only one of them will run on your system, and that will be the right version.
 

     Right-click to run as administrator (XP users click Run after receiving the Windows Security Warning - Open File). When the tool opens, click Yes.
     Select addition.txt at the bottom
     Press the Scan button.
(https://dl.dropboxusercontent.com/u/73555776/frst.JPG)
     Please attach both logs generated.
Title: Re: URL:Mal infection - svchost.exe
Post by: giovannigiacomelli on February 18, 2015, 01:15:50 PM
Done.
I also ran an avast boot-time scan, but the problem persists.
How do I attach them???

Title: Re: URL:Mal infection - svchost.exe
Post by: giogio on February 18, 2015, 01:40:46 PM
It is explained here
https://forum.avast.com/index.php?topic=144453.0
Bye
Title: Re: URL:Mal infection - svchost.exe
Post by: giovannigiacomelli on February 18, 2015, 01:51:14 PM
...I hadn't seen the button...
here are the attachments.
Title: Re: URL:Mal infection - svchost.exe
Post by: giogio on February 18, 2015, 02:15:08 PM
Hi,
I have asked a malware removal specialist to join this topic.
I hope he will take a look at your logs within a couple of hours.
Title: Re: URL:Mal infection - svchost.exe
Post by: giovannigiacomelli on February 18, 2015, 03:17:06 PM
This makes me think that it is very serious... :'(
Title: Re: URL:Mal infection - svchost.exe
Post by: essexboy on February 18, 2015, 04:34:35 PM
Hi there, it is not too bad, just some adware rubbish

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
AppInit_DLLs: C:\PROGRA~2\MOVIES~1\SAFETY~1\x64\SAFETY~2.DLL => C:\PROGRA~2\MOVIES~1\SAFETY~1\x64\SAFETY~2.DLL File Not Found
AppInit_DLLs-x32: c:/progra~3/{0df0e~1/191~1.1/nosi.dll => "c:/progra~3/{0df0e~1/191~1.1/nosi.dll" File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1311418288-3929676420-233349601-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1311418288-3929676420-233349601-1001 -> DefaultScope {4F5435F0-E5A2-40BF-8D80-5AA0B5A11DF3} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frg01_15_05_ch&cd=2XzuyEtN2Y1L1Qzu0BzzyByCtA0F0F0BtBtAyB0A0Czy0AyBtN0D0Tzu0StCtCtBtBtN1L2XzutAtFyBtFtAtFyEtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtD0CtBtC0F0BzztGyCtA0D0BtGyCyB0DyCtGtCyDzy0DtGyD0FyD0C0E0E0FyC0E0FyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCyDyB0F0A0AzztG0AtAtCtCtGyE0EzzyCtG0B0ByDtCtGyEtA0C0F0AtAyB0AyDzyyEyC2Q&cr=1922468442&ir=
SearchScopes: HKU\S-1-5-21-1311418288-3929676420-233349601-1001 -> {4F5435F0-E5A2-40BF-8D80-5AA0B5A11DF3} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frg01_15_05_ch&cd=2XzuyEtN2Y1L1Qzu0BzzyByCtA0F0F0BtBtAyB0A0Czy0AyBtN0D0Tzu0StCtCtBtBtN1L2XzutAtFyBtFtAtFyEtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtD0CtBtC0F0BzztGyCtA0D0BtGyCyB0DyCtGtCyDzy0DtGyD0FyD0C0E0E0FyC0E0FyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCyDyB0F0A0AzztG0AtAtCtCtGyE0EzzyCtG0B0ByDtCtGyEtA0C0F0AtAyB0AyDzyyEyC2Q&cr=1922468442&ir=
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF user.js: detected! => C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\qqg384vt.default\user.js
2015-02-17 16:03 - 2014-01-29 15:06 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
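
As an added illustration (not part of the post above and not FRST's own code), this Python script triages FRST-style log lines for the kinds of entries that the fixlist above targets: AppInit_DLLs loaders, browser policy keys, search or start-page settings pointing at unexpected hosts, and orphaned entries. The sample lines, the host allowlist and the category names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts this analyst expects as search or start-page providers.
EXPECTED_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}

# Entry names that carry a search or start-page URL (as seen in the fixlists on this page).
SETTING_RE = re.compile(
    r"SearchScopes|DefaultSearchURL|Homepage|Default_Page_URL|"
    r"Default_Search_URL|StartMenuInternet", re.IGNORECASE)
URL_RE = re.compile(r"(?:https?|hxxps?)://[^\s\"']+", re.IGNORECASE)
# Entry whose target file no longer exists.
ORPHAN_RE = re.compile(r"(?:No File|File Not Found)\)?\s*$")


def host_of(url):
    """Return the lower-cased host of a URL, accepting the defanged hxxp:// form."""
    url = re.sub(r"^hxx", "htt", url, flags=re.IGNORECASE)
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def triage(log_text, expected_hosts=EXPECTED_HOSTS):
    """Return (line number, category, detail) tuples for lines worth reviewing."""
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        label, _, rest = line.partition(":")
        if line.startswith("AppInit_DLLs"):
            # DLLs listed here are loaded into every process that loads user32.dll.
            findings.append((lineno, "appinit_dll", rest.split("=>")[0].strip()))
        if "Policy restriction" in line:
            # A policy key can pin browser settings so that the user cannot change them.
            findings.append((lineno, "browser_policy", label))
        if SETTING_RE.search(line):
            for url in URL_RE.findall(line):
                host = host_of(url)
                if host and host not in expected_hosts:
                    findings.append((lineno, "unexpected_host", host))
        if ORPHAN_RE.search(line):
            findings.append((lineno, "orphaned_entry", label))
    return findings


# Constructed sample in the style of the log lines above (placeholder paths, SIDs, GUIDs, hosts).
SAMPLE = "\n".join([
    r"AppInit_DLLs: C:\PROGRA~2\EXAMPLE~1\x64\SAMPLE~1.DLL => C:\PROGRA~2\EXAMPLE~1\x64\SAMPLE~1.DLL File Not Found",
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
    r"SearchScopes: HKU\S-1-5-21-0-0-0-1001 -> DefaultScope {00000000-0000-0000-0000-000000000001} URL = http://search.hijack.example/results.php?q={searchTerms}",
    r"SearchScopes: HKLM -> {00000000-0000-0000-0000-000000000002} URL = http://www.bing.com/search?q={searchTerms}",
    r"FF Homepage: hxxp://search.hijack.example/?f=1",
    r"Toolbar: HKLM - No Name - {00000000-0000-0000-0000-000000000003} -  No File",
    r"HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.hijack.example/?type=hp",
])

if __name__ == "__main__":
    for lineno, category, detail in triage(SAMPLE):
        print(f"line {lineno}: {category}: {detail}")
```

The output is a review list only; which entries actually go into a fixlist remains a per-machine decision, as the caution in the post says.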
Title: Re: URL:Mal infection - svchost.exe
Post by: giogio on February 18, 2015, 04:39:09 PM
@ giovannigiacomelli
if anything is unclear, just say so and I will act as interpreter  ;)
Title: Re: URL:Mal infection - svchost.exe
Post by: giovannigiacomelli on February 18, 2015, 05:38:58 PM
Thanks a lot, I'll try right away! :)
Title: Re: URL:Mal infection - svchost.exe
Post by: giovannigiacomelli on February 18, 2015, 06:05:56 PM
Just finished... for the moment everything seems OK, let's wait and see.
Thanks a lot, you were very fast.

I attach the two logs.
Title: Re: URL:Mal infection - svchost.exe
Post by: essexboy on February 18, 2015, 06:48:27 PM
Could you confirm the alerts have ceased
Title: Re: URL:Mal infection - svchost.exe
Post by: giogio on February 18, 2015, 08:16:47 PM
Quote
Could you confirm the alerts have ceased
Hi essexboy, until now it seems the user hasn't had any alert from avast.
Thanks!

Title: Re: URL:Mal infection - svchost.exe
Post by: essexboy on February 18, 2015, 08:44:29 PM
Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Remove tools

Download and run Delfix (http://www.bleepingcomputer.com/download/delfix/)

(https://dl.dropboxusercontent.com/u/73555776/delfix.JPG)


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))

If you do need to keep Java then download JavaRa  (https://singularlabs.com/software/javara/javara-download/)
Run the programme and select  Remove Java Runtime.  Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
(https://dl.dropboxusercontent.com/u/73555776/javara.JPG)


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransomware

(https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG)

Malwarebytes (http://www.malwarebytes.org/mbam-download.php).

Update and run weekly to keep your system clean

Unchecky (http://unchecky.com/)

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme  ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide  Best security practices  (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/)

Keep safe  :wave:
Title: Re: URL:Mal infection - svchost.exe
Post by: ba.seggio on February 23, 2015, 03:48:41 PM
For a couple of days avast has been reporting this threat to me.
I have already done a full scan with avast and malwarebytes but it keeps appearing at PC startup and Wi-Fi network detection.

On my computer I have Windows 7

If anyone can give me guidance on how to solve the problem, thank you in advance

Stefano
Title: Re: URL:Mal infection - svchost.exe
Post by: giogio on February 23, 2015, 04:04:41 PM
Hi,
please open a new topic next time.
What do you mean by
Quote
and Wi-Fi network detection.
?
As written in my reply number 3, run a scan with FARBAR and attach the logs with your next reply.
Title: Re: URL:Mal infection - svchost.exe
Post by: ba.seggio on February 23, 2015, 04:22:58 PM

By Wi-Fi network detection I mean that avast reports that kind of problem as soon as I turn on the computer and it connects to the Wi-Fi router (honestly I don't know whether the problem can be related).

During operation, for now, no alerts occur

I attach the two logs generated
Thanks

Stefano
Title: Re: URL:Mal infection - svchost.exe
Post by: ba.seggio on February 23, 2015, 06:15:38 PM

Partially correcting what I said above, the problem has also arisen during normal use and no longer only at computer startup as previously stated. I attach the report.

Stefano
Title: Re: URL:Mal infection - svchost.exe
Post by: giogio on February 23, 2015, 06:52:45 PM
Hi,
I have asked Essexboy (malware removal specialist) whether he can take a look at your FARBAR logs,
I hope he takes a look at them within a few hours.

Title: Re: URL:Mal infection - svchost.exe
Post by: essexboy on February 23, 2015, 07:45:15 PM
Could you let me know if this stops it

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frg01_15_05_ff&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CtByCzztC0FtAtA0DtDtAtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0B0ByD0EtD0ByDtGzytDtAyDtGzzyByCtBtG0AtByCyBtGyByEyEtC0Azz0AtAtD0A0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyE0E0F0EyByEtGtB0DyBtBtGyE0AzytBtGzz0E0B0BtGyB0A0AtByB0FyDyBtByC0C0A2Q&cr=580807479&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frg01_15_05_ff&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CtByCzztC0FtAtA0DtDtAtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0B0ByD0EtD0ByDtGzytDtAyDtGzzyByCtBtG0AtByCyBtGyByEyEtC0Azz0AtAtD0A0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyE0E0F0EyByEtGtB0DyBtBtGyE0AzytBtGzz0E0B0BtGyB0A0AtByB0FyDyBtByC0C0A2Q&cr=580807479&ir=
SearchScopes: HKU\S-1-5-21-3365894006-3997087103-118092341-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frg01_15_05_ff&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CtByCzztC0FtAtA0DtDtAtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0B0ByD0EtD0ByDtGzytDtAyDtGzzyByCtBtG0AtByCyBtGyByEyEtC0Azz0AtAtD0A0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyE0E0F0EyByEtGtB0DyBtBtGyE0AzytBtGzz0E0B0BtGyB0A0AtByB0FyDyBtByC0C0A2Q&cr=580807479&ir=
SearchScopes: HKU\S-1-5-21-3365894006-3997087103-118092341-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frg01_15_05_ff&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CtByCzztC0FtAtA0DtDtAtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0B0ByD0EtD0ByDtGzytDtAyDtGzzyByCtBtG0AtByCyBtGyByEyEtC0Azz0AtAtD0A0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyE0E0F0EyByEtGtB0DyBtBtGyE0AzytBtGzz0E0B0BtGyB0A0AtByB0FyDyBtByC0C0A2Q&cr=580807479&ir=
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Homepage: hxxp://vosteran.com/?f=1&a=vst_frg01_15_05_ff&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CtByCzztC0FtAtA0DtDtAtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0B0ByD0EtD0ByDtGzytDtAyDtGzzyByCtBtG0AtByCyBtGyByEyEtC0Azz0AtAtD0A0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyE0E0F0EyByEtGtB0DyBtBtGyE0AzytBtGzz0E0B0BtGyB0A0AtByB0FyDyBtByC0C0A2Q&cr=580807479&ir=
CHR DefaultSearchKeyword: Default -> vosteran.com
CHR DefaultSearchURL: Default -> http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frg01_15_05_ff&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CtByCzztC0FtAtA0DtDtAtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0B0ByD0EtD0ByDtGzytDtAyDtGzzyByCtBtG0AtByCyBtGyByEyEtC0Azz0AtAtD0A0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyE0E0F0EyByEtGtB0DyBtBtGyE0AzytBtGzz0E0B0BtGyB0A0AtByB0FyDyBtByC0C0A2Q&cr=580807479&ir=
2015-01-31 15:41 - 2015-01-31 15:41 - 00000000 ____D () C:\ProgramData\d7aa93b4000051ce
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
Title: Re: URL:Mal infection - svchost.exe
Post by: ba.seggio on February 24, 2015, 10:45:09 AM
Thanks to the availability
For Now Avast does not report the problem.

enclose reports

Stefano
Title: Re: URL:Mal infection - svchost.exe
Post by: essexboy on February 24, 2015, 07:35:14 PM
Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Remove tools

Download and run Delfix (http://www.bleepingcomputer.com/download/delfix/)

(https://dl.dropboxusercontent.com/u/73555776/delfix.JPG)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransomware

(https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG)

Malwarebytes (http://www.malwarebytes.org/mbam-download.php).

Update and run weekly to keep your system clean

Unchecky (http://unchecky.com/)

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme  ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide  Best security practices  (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/)

Keep safe  :wave:
Title: Re: URL:Mal infection - svchost.exe
Post by: daniele.nini94 on May 14, 2015, 04:52:38 PM
Hello, since yesterday I too have had the same problems as the other two users, avast reports the URL Mal practically every time I open a page on the internet... Should I also send the logs with FRST??? Thanks in advance.
Title: Re: URL:Mal infection - svchost.exe
Post by: giogio on May 14, 2015, 05:06:03 PM
Hi,
please open a new topic next time.
Please first run:
-a boot-time scan with avast
-avast's browser cleanup
-a full scan with MBAM free https://it.malwarebytes.org/mwb-download/

If even then you still get warnings from avast, run a scan with FARBAR as explained here https://forum.avast.com/index.php?topic=169165.msg1202616#msg1202616
and attach the resulting logs
Title: Re: URL:Mal infection - svchost.exe
Post by: daniele.nini94 on May 15, 2015, 12:09:48 AM
I ran all three operations, and in response, as soon as I turn the PC back on, the usual avast notifications still appear...
So I attach the FRST logs:
Title: Re: URL:Mal infection - svchost.exe
Post by: giogio on May 15, 2015, 08:19:28 AM
I have asked Essexboy, Malware removal, to check your logs.
I hope he replies to you during the day
bye
Title: Re: URL:Mal infection - svchost.exe
Post by: essexboy on May 15, 2015, 03:52:11 PM
CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
Toolbar: HKLM - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKU\S-1-5-21-2043601111-3034135767-1007434342-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2043601111-3034135767-1007434342-1001 -> No Name - {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} -  No File
U3 alnew7m6; C:\Windows\System32\Drivers\alnew7m6.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
2015-04-23 18:22 - 2015-04-23 18:22 - 00000000 ____D () C:\ProgramData\1accb5a00001d43
2015-04-23 18:17 - 2015-04-23 18:17 - 00003164 _____ () C:\Windows\System32\Tasks\{80920398-1E31-4F55-AC8D-6D144D771BDB}
2015-04-23 18:17 - 2015-04-23 18:17 - 00000000 __SHD () C:\Users\Daniele\AppData\Local\EmieBrowserModeList
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
Title: Re: URL:Mal infection - svchost.exe
Post by: daniele.nini94 on May 25, 2015, 07:19:45 PM
the problem would seem to be solved... here are the logs:
thanks everyone, if I have other problems I'll report them to you =)

Title: Re: URL:Mal infection - svchost.exe
Post by: sartoridaniele1990 on June 19, 2015, 07:46:43 PM
Hello, I have the same problem encountered by the other users in this topic. I ran scans with all the tools I knew of, besides Avast of course, without solving the problem. I attach the results of the scans with FRST. I hope you can help me.
Thanks in advance
Title: Re: URL:Mal infection - svchost.exe
Post by: giogio on June 19, 2015, 08:57:35 PM
Hi
please open a new topic next time
I have asked a malware removal specialist to check your logs.
As soon as he does, he will tell you how to proceed
Title: Re: URL:Mal infection - svchost.exe
Post by: n.ursoleo on June 19, 2015, 09:40:43 PM
Hi guys...same problem.... :( help me please....  :( I attach my log files
Title: Re: URL:Mal infection - svchost.exe
Post by: essexboy on June 19, 2015, 09:46:27 PM
@  sartoridaniele1990

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
Startup: C:\Users\Stellina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Portrait Professional 10.9.5 crack.lnk [2015-05-11]
ShortcutTarget: Portrait Professional 10.9.5 crack.lnk -> C:\ProgramData\{7f5d14fd-f5f3-e667-7f5d-d14fdf5f53f7}\Portrait Professional 10.9.5 crack.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2015-05-29 22:42 - 2015-05-29 22:43 - 00000000 ____D C:\Users\Stellina\AppData\Local\Chromium
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
Title: Re: URL:Mal infection - svchost.exe
Post by: essexboy on June 19, 2015, 09:53:31 PM
 @n.ursoleo  https://forum.avast.com/index.php?topic=172529.new#new
Title: Re: URL:Mal infection - svchost.exe
Post by: n.ursoleo on June 19, 2015, 11:38:08 PM
all ok..thanks
Title: Re: URL:Mal infection - svchost.exe
Post by: sartoridaniele1990 on June 20, 2015, 10:05:00 AM
@essexboy

I've done the fix. I attach the fixlog, and let you know if I have any further problem. Thanks for the assistance
Title: Re: URL:Mal infection - svchost.exe
Post by: essexboy on June 20, 2015, 12:07:43 PM
Are both now clear ?
Title: Re: URL:Mal infection - svchost.exe
Post by: sartoridaniele1990 on June 20, 2015, 05:25:29 PM
@essexboy
seems fixed. Thank you again ;)
Title: Re: URL:Mal infection - svchost.exe
Post by: biro1991 on June 26, 2015, 07:01:13 PM
Good evening, I have the same problem too ... 

I attach both logs generated with FRST64.

Thanks in advance for the help!!
Title: Re: URL:Mal infection - svchost.exe
Post by: giogio on June 26, 2015, 08:41:38 PM
Hi
please open a new topic next time..
I have asked a malware removal specialist to check your logs.
As soon as he does, he will tell you how to proceed
Title: Re: URL:Mal infection - svchost.exe
Post by: essexboy on June 26, 2015, 09:26:56 PM
CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1433232880&z=ccfa30af39ea385343b1050g5z2cac4occ6o1beq8t&from=smt&uid=ST1000LM024XHN-M101MBB_S32XJ9FF304470
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1433232862&z=d9b5087e542823e99a1f69fgez6c5c0obcao2b5w4o&from=smt&uid=ST1000LM024XHN-M101MBB_S32XJ9FF304470&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3696484345-1428165893-2251099865-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST1000LM024XHN-M101MBB_S32XJ9FF304470&ts=1433232893&type=default&q={searchTerms}
BHO-x32: No Name -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} ->  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1433232862&z=d9b5087e542823e99a1f69fgez6c5c0obcao2b5w4o&from=smt&uid=ST1000LM024XHN-M101MBB_S32XJ9FF304470
2015-06-03 20:00 - 2015-06-03 20:00 - 00000000 ____D C:\ProgramData\d91282a100002be7
2015-05-30 12:08 - 2015-06-25 15:55 - 00000000 __SHD C:\Users\PC\AppData\Local\EmieBrowserModeList
2015-06-25 15:55 - 2014-09-04 02:21 - 00000000 __SHD C:\Users\PC\AppData\Local\EmieUserList
2015-06-25 15:55 - 2014-09-04 02:21 - 00000000 __SHD C:\Users\PC\AppData\Local\EmieSiteList
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
Title: Re: URL:Mal infection - svchost.exe
Post by: biro1991 on June 26, 2015, 11:37:26 PM
@essexboy, thank you very much for helping me.

Here below you can find my Fixlog.

I really don't know if it worked, but I hope so. Anyway, still thank you for your precious help.
Title: Re: URL:Mal infection - svchost.exe
Post by: biro1991 on June 27, 2015, 12:08:26 AM
ok , done! @essexboy

I attached the logfile created by Adwcleaner.

Thank you again for all !! ... I hope is all fixed now!
Title: Re: URL:Mal infection - svchost.exe
Post by: essexboy on June 27, 2015, 11:58:03 AM
Looks good, is all clear now ?
Title: Re: URL:Mal infection - svchost.exe
Post by: biro1991 on June 27, 2015, 03:37:16 PM

@essexboy yeeees!!!
Till now, no more alerts by Avast!!!

Thank you again for your interest and your help!!! You're the best!!!!
Title: Re: URL:Mal infection - svchost.exe
Post by: alessandroln on January 15, 2018, 10:29:47 AM
Hello, I have the same problem too, could you please send me the fixlist to solve the problem, thanks.
I attach the FRST log