Author Topic: infezione URL: mal - svchost.exe  (Read 19093 times)

0 Members and 1 Guest are viewing this topic.

Offline sartoridaniele1990

  • Newbie
  • *
  • Posts: 3
Re: infezione URL: mal - svchost.exe
« Reply #30 on: June 19, 2015, 07:46:43 PM »
Salve, ho lo stesso problema riscontrato dagli altri utenti in questo topic. Ho effettuato scansioni con tutti i tool che conoscevo oltre ovviamente Avast, senza risolvere il problema. Allego i risultati delle scansioni con FRST. Spero possiate aiutarmi.
Grazie in anticipo

Offline giogio

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4115
Re: infezione URL: mal - svchost.exe
« Reply #31 on: June 19, 2015, 08:57:35 PM »
Ciao
per favore la prossima volta apri un nuovo topic
Ho chiesto ad un malware remover specialist di controllare i tuoi log.
Appena lo farà, ti dirà come procedere
Prima di scrivere sul forum per favore leggi le istruzioni qui https://forum.avast.com/index.php?topic=144453.0
Non inviatemi MP per supporto,grazie-No support PM please
Home: E8400-4GB RAM-500GB HDD-Win10.0.15063x64-Avast! Free 17.3.2291-CryptoPrevent-MBAM 2.2free-Chrome 57(uBlock origin)-TB52
Work: i5-2400-4GB RAM-500GB HDD-Win 7sp1x64-Avast!Business Security 12.3.2515,     
Cloud Console 2.18
-FF52-TB52

Offline n.ursoleo

  • Newbie
  • *
  • Posts: 2
Re: infezione URL: mal - svchost.exe
« Reply #32 on: June 19, 2015, 09:40:43 PM »
Ciao raga...stesso problema.... :( help me please....  :( allego io miei log files

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: infezione URL: mal - svchost.exe
« Reply #33 on: June 19, 2015, 09:46:27 PM »
@  sartoridaniele1990

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
Startup: C:\Users\Stellina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Portrait Professional 10.9.5 crack.lnk [2015-05-11]
ShortcutTarget: Portrait Professional 10.9.5 crack.lnk -> C:\ProgramData\{7f5d14fd-f5f3-e667-7f5d-d14fdf5f53f7}\Portrait Professional 10.9.5 crack.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2015-05-29 22:42 - 2015-05-29 22:43 - 00000000 ____D C:\Users\Stellina\AppData\Local\Chromium
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: infezione URL: mal - svchost.exe
« Reply #34 on: June 19, 2015, 09:53:31 PM »

Offline n.ursoleo

  • Newbie
  • *
  • Posts: 2
Re: infezione URL: mal - svchost.exe
« Reply #35 on: June 19, 2015, 11:38:08 PM »
all ok..thanks

Offline sartoridaniele1990

  • Newbie
  • *
  • Posts: 3
Re: infezione URL: mal - svchost.exe
« Reply #36 on: June 20, 2015, 10:05:00 AM »
@essexboy

i've done the fix. I attach the fixlog, and let you know if i have any further problem. Thanks for the assistance

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: infezione URL: mal - svchost.exe
« Reply #37 on: June 20, 2015, 12:07:43 PM »
Are both now clear ?

Offline sartoridaniele1990

  • Newbie
  • *
  • Posts: 3
Re: infezione URL: mal - svchost.exe
« Reply #38 on: June 20, 2015, 05:25:29 PM »
@essexboy
seems fixed. Thank you again ;)

Offline biro1991

  • Newbie
  • *
  • Posts: 4
Re: infezione URL: mal - svchost.exe
« Reply #39 on: June 26, 2015, 07:01:13 PM »
Buonasera, anche io stesso problema ... 

allego entrambi i log generati con FRST64.

Grazie in anticipo per l'aiuto!!

Offline giogio

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4115
Re: infezione URL: mal - svchost.exe
« Reply #40 on: June 26, 2015, 08:41:38 PM »
Ciao
per favore la prossima volta apri un nuovo topic..
Ho chiesto ad un malware remover specialist di controllare i tuoi log.
Appena lo farà, ti dirà come procedere
Prima di scrivere sul forum per favore leggi le istruzioni qui https://forum.avast.com/index.php?topic=144453.0
Non inviatemi MP per supporto,grazie-No support PM please
Home: E8400-4GB RAM-500GB HDD-Win10.0.15063x64-Avast! Free 17.3.2291-CryptoPrevent-MBAM 2.2free-Chrome 57(uBlock origin)-TB52
Work: i5-2400-4GB RAM-500GB HDD-Win 7sp1x64-Avast!Business Security 12.3.2515,     
Cloud Console 2.18
-FF52-TB52

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: infezione URL: mal - svchost.exe
« Reply #41 on: June 26, 2015, 09:26:56 PM »
CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1433232880&z=ccfa30af39ea385343b1050g5z2cac4occ6o1beq8t&from=smt&uid=ST1000LM024XHN-M101MBB_S32XJ9FF304470
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1433232862&z=d9b5087e542823e99a1f69fgez6c5c0obcao2b5w4o&from=smt&uid=ST1000LM024XHN-M101MBB_S32XJ9FF304470&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3696484345-1428165893-2251099865-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST1000LM024XHN-M101MBB_S32XJ9FF304470&ts=1433232893&type=default&q={searchTerms}
BHO-x32: No Name -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} ->  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1433232862&z=d9b5087e542823e99a1f69fgez6c5c0obcao2b5w4o&from=smt&uid=ST1000LM024XHN-M101MBB_S32XJ9FF304470
2015-06-03 20:00 - 2015-06-03 20:00 - 00000000 ____D C:\ProgramData\d91282a100002be7
2015-05-30 12:08 - 2015-06-25 15:55 - 00000000 __SHD C:\Users\PC\AppData\Local\EmieBrowserModeList
2015-06-25 15:55 - 2014-09-04 02:21 - 00000000 __SHD C:\Users\PC\AppData\Local\EmieUserList
2015-06-25 15:55 - 2014-09-04 02:21 - 00000000 __SHD C:\Users\PC\AppData\Local\EmieSiteList
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

Offline biro1991

  • Newbie
  • *
  • Posts: 4
Re: infezione URL: mal - svchost.exe
« Reply #42 on: June 26, 2015, 11:37:26 PM »
@essexboy, thank you very much for helping me.

Here below you can find my Fixlog.

I really don't know If it worked, but I hope so. Anyway, still thank you for your precious help.

Offline biro1991

  • Newbie
  • *
  • Posts: 4
Re: infezione URL: mal - svchost.exe
« Reply #43 on: June 27, 2015, 12:08:26 AM »
ok , done! @essexboy

I attached the logfile created by Adwcleaner.

Thank you again for all !! ... I hope is all fixed now!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: infezione URL: mal - svchost.exe
« Reply #44 on: June 27, 2015, 11:58:03 AM »
Looks good, is all clear now ?