Author Topic: Avast and svchost.exe  (Read 18276 times)


REDACTED

  • Guest
Avast and svchost.exe
« on: March 26, 2015, 01:09:06 PM »
Yesterday, for the first time, a message from Avast appeared telling me that I had a virus called svchost.exe, located in System32. As far as I know, if this file is in the System32 folder, it isn't a virus, but some viruses can camouflage themselves under that name.

Why does Avast tell me that it is a virus? I have Windows 7 Home Premium 64-bit with all updates installed, Malwarebytes is updated and has not detected any virus, and Avast hasn't either.

Please, help me.  :'(

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37582
  • Not a avast user
Re: Avast and svchost.exe
« Reply #1 on: March 26, 2015, 01:20:51 PM »
Quote
that I had a virus called svchost.exe
that is the detected file name ... not the malware name.
avast should give a malware name, example Win32:Malware-gen .... so what name does avast give?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37582
  • Not a avast user
Re: Avast and svchost.exe
« Reply #2 on: March 26, 2015, 01:21:53 PM »
Logs to assist in cleaning malware https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs here for receiving help

essexboy will then check logs and assist you when he is online later today


REDACTED

  • Guest
Re: Avast and svchost.exe
« Reply #3 on: March 26, 2015, 01:27:19 PM »
Quote
Logs to assist in cleaning malware https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs here for receiving help

essexboy will then check logs and assist you when he is online later today
Ok, thank you very much! :D

REDACTED

  • Guest
Re: Avast and svchost.exe
« Reply #4 on: March 26, 2015, 01:28:33 PM »
Quote
that I had a virus called svchost.exe
that is the detected file name ... not the malware name.
avast should give a malware name, example Win32:Malware-gen .... so what name does avast give?
If I remember correctly, Avast tells me something about patch 195 and update. When it appears again, I will attach a picture here.

REDACTED

  • Guest
Re: Avast and svchost.exe
« Reply #5 on: March 26, 2015, 01:39:20 PM »
Here are the results of Farbar Recovery Scan Tool.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast and svchost.exe
« Reply #6 on: March 26, 2015, 04:11:46 PM »
This should stop the alerts

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
BootExecute: autocheck autochk * ???j?
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-4181584166-3751067220-3969494250-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-20]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-20]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
2015-03-26 01:48 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Raul\AppData\Local\Torch
2015-03-26 01:48 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Raul\AppData\Local\Chromatic Browser
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Invitado\AppData\Local\Torch
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Invitado\AppData\Local\Google
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Invitado\AppData\Local\Comodo
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Invitado\AppData\Local\Chromatic Browser
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Torch
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Google
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Comodo
2015-03-26 01:47 - 2014-11-07 23:13 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Chromatic Browser
2015-03-26 01:47 - 2014-02-23 17:39 - 00000000 ____D () C:\Users\Raul\AppData\Local\Google
2014-06-17 13:37 - 2014-06-17 13:37 - 0000000 _____ () C:\Users\Raul\AppData\Local\{F4174649-9D8D-4B2C-9F54-EE255CD4C410}
Task: {16502A65-595A-46F3-AF51-BCAA9E8F0285} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {FCFF118A-52DD-46C8-BC34-0072E8D010A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

REDACTED

  • Guest
Re: Avast and svchost.exe
« Reply #7 on: March 26, 2015, 07:05:04 PM »
Thanks for the answer, essexboy! Here are the results:

REDACTED

  • Guest
Re: Avast and svchost.exe
« Reply #8 on: March 26, 2015, 07:15:00 PM »
The alert appears again: :(

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast and svchost.exe
« Reply #9 on: March 26, 2015, 08:20:39 PM »
Ah from the screenshot it seems as though Avast is blocking a windows update for some reason

I wonder if it is a defender update file...  Although delta patch generally relates to live mail

I will forward to Avast

REDACTED

  • Guest
Re: Avast and svchost.exe
« Reply #10 on: March 26, 2015, 09:31:30 PM »
Quote
Ah from the screenshot it seems as though Avast is blocking a windows update for some reason

I wonder if it is a defender update file...  Although delta patch generally relates to live mail

I will forward to Avast
Ok, thanks for your help and kindness, essexboy. I will wait for the answer from the Avast team.

But can I generally rest assured that it isn't a virus that will damage my PC? How is my PC, according to the attached reports?


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast and svchost.exe
« Reply #11 on: March 26, 2015, 09:39:36 PM »
The initial fix removed some adware that uses chrome, but as you don't have that it was a bit wasted :)

How is the computer behaving otherwise ?

REDACTED

  • Guest
Re: Avast and svchost.exe
« Reply #12 on: March 26, 2015, 09:58:23 PM »
Quote
The initial fix removed some adware that uses chrome, but as you don't have that it was a bit wasted :)

How is the computer behaving otherwise ?
Perhaps a little more slowly. The only thing is that overnight this message from Avast appeared. It's a bit annoying because it shows up more than once.

One more thing: Task Manager shows me a svchost.exe that consumes lots of memory. Is that normal? By the way, I have Malwarebytes Anti-Exploit Premium (trial version). I do not know if that's the cause of this consumption.

Yesterday, this came to eat up more than 500,000 Kb.

A program checked whether the file had a virus, but said it did not.
« Last Edit: March 26, 2015, 10:04:12 PM by Raül »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast and svchost.exe
« Reply #13 on: March 26, 2015, 10:32:56 PM »
Svchost is the workhorse file of your system  and a lot of programmes use it so several copies of it will show

As a lot of files were removed it may well be worth doing a quick defragment of your hard drive
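
Added example, not part of the thread or of anyone's posted fix: a read-only PowerShell inventory tying together two points made above, that a genuine svchost.exe runs from System32 and that several copies run at once, each hosting different services. It assumes PowerShell 3.0 or later and an elevated prompt; the variable names are illustrative.

```powershell
# Added example (read-only): list every svchost.exe with its image path,
# parent, memory use and hosted services. Assumes PowerShell 3.0+ and an
# elevated prompt, otherwise ExecutablePath is empty for system processes.

# Locations where a genuine svchost.exe lives on 64-bit Windows
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Genuine svchost.exe instances are started by services.exe
$servicesExePid = (Get-CimInstance Win32_Process -Filter "Name = 'services.exe'").ProcessId

# Index running services by the PID of the process that hosts them
$servicesByPid = @{}
Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $servicesByPid[[int]$_.ProcessId] += @($_.Name)
}

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $path = $_.ExecutablePath
    if (-not $path) {
        $location = 'unknown (run elevated)'
    } elseif ($expected -contains $path) {
        $location = 'expected'
    } else {
        $location = 'UNEXPECTED'
    }
    [pscustomobject]@{
        PID      = $_.ProcessId
        MemoryKB = [int]($_.WorkingSetSize / 1KB)
        Location = $location
        ParentOK = ($_.ParentProcessId -eq $servicesExePid)
        Path     = $path
        Services = ($servicesByPid[[int]$_.ProcessId] -join ', ')
    }
} | Sort-Object MemoryKB -Descending | Format-Table -AutoSize -Wrap
```

The Services column of the row with the largest MemoryKB shows which hosted services run inside the svchost.exe that is using the memory. A Location of UNEXPECTED or a ParentOK of False is what warrants a closer look.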


REDACTED

  • Guest
Re: Avast and svchost.exe
« Reply #14 on: March 26, 2015, 11:07:39 PM »
Quote
Svchost is the workhorse file of your system  and a lot of programmes use it so several copies of it will show

As a lot of files were removed it may well be worth doing a quick defragment of your hard drive
Yes, but you don't have the memory consumption that I have. xD