URL:Mal infection - svchost.exe

Hi,
I have asked Essexboy (malware removal specialist) whether he can take a look at your FARBAR logs;
I hope he gets to them within a few hours.

Could you let me know if this stops it?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frg01_15_05_ff&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CtByCzztC0FtAtA0DtDtAtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0B0ByD0EtD0ByDtGzytDtAyDtGzzyByCtBtG0AtByCyBtGyByEyEtC0Azz0AtAtD0A0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyE0E0F0EyByEtGtB0DyBtBtGyE0AzytBtGzz0E0B0BtGyB0A0AtByB0FyDyBtByC0C0A2Q&cr=580807479&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frg01_15_05_ff&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CtByCzztC0FtAtA0DtDtAtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0B0ByD0EtD0ByDtGzytDtAyDtGzzyByCtBtG0AtByCyBtGyByEyEtC0Azz0AtAtD0A0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyE0E0F0EyByEtGtB0DyBtBtGyE0AzytBtGzz0E0B0BtGyB0A0AtByB0FyDyBtByC0C0A2Q&cr=580807479&ir=
SearchScopes: HKU\S-1-5-21-3365894006-3997087103-118092341-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frg01_15_05_ff&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CtByCzztC0FtAtA0DtDtAtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0B0ByD0EtD0ByDtGzytDtAyDtGzzyByCtBtG0AtByCyBtGyByEyEtC0Azz0AtAtD0A0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyE0E0F0EyByEtGtB0DyBtBtGyE0AzytBtGzz0E0B0BtGyB0A0AtByB0FyDyBtByC0C0A2Q&cr=580807479&ir=
SearchScopes: HKU\S-1-5-21-3365894006-3997087103-118092341-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frg01_15_05_ff&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CtByCzztC0FtAtA0DtDtAtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0B0ByD0EtD0ByDtGzytDtAyDtGzzyByCtBtG0AtByCyBtGyByEyEtC0Azz0AtAtD0A0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyE0E0F0EyByEtGtB0DyBtBtGyE0AzytBtGzz0E0B0BtGyB0A0AtByB0FyDyBtByC0C0A2Q&cr=580807479&ir=
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Homepage: hxxp://vosteran.com/?f=1&a=vst_frg01_15_05_ff&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CtByCzztC0FtAtA0DtDtAtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0B0ByD0EtD0ByDtGzytDtAyDtGzzyByCtBtG0AtByCyBtGyByEyEtC0Azz0AtAtD0A0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyE0E0F0EyByEtGtB0DyBtBtGyE0AzytBtGzz0E0B0BtGyB0A0AtByB0FyDyBtByC0C0A2Q&cr=580807479&ir=
CHR DefaultSearchKeyword: Default -> vosteran.com
CHR DefaultSearchURL: Default -> http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frg01_15_05_ff&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CtByCzztC0FtAtA0DtDtAtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0B0ByD0EtD0ByDtGzytDtAyDtGzzyByCtBtG0AtByCyBtGyByEyEtC0Azz0AtAtD0A0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyE0E0F0EyByEtGtB0DyBtBtGyE0AzytBtGzz0E0B0BtGyB0A0AtByB0FyDyBtByC0C0A2Q&cr=580807479&ir=
2015-01-31 15:41 - 2015-01-31 15:41 - 00000000 ____D () C:\ProgramData\d7aa93b4000051ce
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
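The fix above rewrites the Internet Explorer SearchScopes keys under HKLM and the user's HKU hive, which is where a search hijacker such as the vosteran.com entries lives. The following PowerShell script is an added example, not part of the original post or of FRST: it walks the same registry locations on a live machine and reports every scope whose URL host is not on a small allow-list, so a helper can confirm a hijack (or confirm the fix took) without waiting for a full FRST log. Assumptions: it is run from an elevated PowerShell so that other users' loaded HKU hives are readable, and the allow-list of "known good" search hosts is illustrative and should be adjusted to the machine.

```powershell
# Added example (not from the forum thread or FRST): audit IE SearchScopes in HKLM
# and in every loaded user hive, the same keys the fixlist above rewrites.
# Assumption: run as Administrator; $KnownGood is an illustrative allow-list.
$KnownGood = @('www.bing.com', 'www.google.com', 'search.yahoo.com')

function Get-SearchScopeFindings {
    param([string[]]$AllowedHosts = $KnownGood)

    # HKU is not mounted as a PSDrive by default; address it through the Registry:: provider.
    $roots = @('Registry::HKEY_LOCAL_MACHINE')
    $roots += Get-ChildItem 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-' -and $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { $_.PSPath }

    foreach ($root in $roots) {
        # Native and 32-bit (Wow6432Node) views both carry SearchScopes on a 64-bit system.
        foreach ($sub in @('SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
                           'SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes')) {
            $scopes = "$root\$sub"
            if (-not (Test-Path -LiteralPath $scopes)) { continue }

            # DefaultScope holds the GUID of the scope the browser actually uses.
            $default = (Get-ItemProperty -LiteralPath $scopes -Name DefaultScope -ErrorAction SilentlyContinue).DefaultScope

            foreach ($scope in Get-ChildItem -LiteralPath $scopes) {
                $url = (Get-ItemProperty -LiteralPath $scope.PSPath -Name URL -ErrorAction SilentlyContinue).URL
                if (-not $url) { continue }

                # Extract the host; a URL that does not parse is itself worth reporting.
                $uri = $null
                $hostName = if ([System.Uri]::TryCreate($url, [System.UriKind]::Absolute, [ref]$uri)) { $uri.Host } else { '(unparseable)' }

                if ($AllowedHosts -notcontains $hostName) {
                    [pscustomobject]@{
                        Hive      = ($root -replace '^.*Registry::', '')
                        Scope     = $scope.PSChildName
                        IsDefault = ($scope.PSChildName -eq $default)
                        Host      = $hostName
                        URL       = $url
                    }
                }
            }
        }
    }
}

# Usage: print each suspicious scope; an empty result means every scope points at an allowed host.
Get-SearchScopeFindings | Format-List
```

A finding with IsDefault set to True is the one the user sees on every search; entries in HKLM survive a per-user profile reset, which is why the fixlist removes both the HKLM and the HKU copies.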

Thanks for your availability.
For now Avast does not report the problem.

I attach the reports.

Stefano

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:

Hello, since yesterday I have had the same problems as the other two users; Avast reports URL:Mal practically every time I open a page on the internet... Should I also send the FRST logs??? Thanks in advance.

Hi,
please open a new topic next time.
Please run first:
-a boot-time scan with Avast
-Avast Browser Cleanup
-a full scan with MBAM free https://it.malwarebytes.org/mwb-download/

If you still get warnings from Avast after that, run a scan with FARBAR as explained here https://forum.avast.com/index.php?topic=169165.msg1202616#msg1202616
and attach the logs you obtain.

I carried out all three operations, and in return, as soon as I turn the PC back on, the usual Avast notifications still appear...
So I attach the FRST logs:

I have asked Essexboy, malware removal, to check your logs.
I hope he replies today.
Bye

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Toolbar: HKLM - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Toolbar: HKU\S-1-5-21-2043601111-3034135767-1007434342-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2043601111-3034135767-1007434342-1001 -> No Name - {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - No File
U3 alnew7m6; C:\Windows\System32\Drivers\alnew7m6.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
2015-04-23 18:22 - 2015-04-23 18:22 - 00000000 ____D () C:\ProgramData\1accb5a00001d43
2015-04-23 18:17 - 2015-04-23 18:17 - 00003164 _____ () C:\Windows\System32\Tasks\{80920398-1E31-4F55-AC8D-6D144D771BDB}
2015-04-23 18:17 - 2015-04-23 18:17 - 00000000 __SHD () C:\Users\Daniele\AppData\Local\EmieBrowserModeList
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

The problem seems to be solved... here are the logs:
Thanks to everyone; if I have any other problems I will report them =)

Hello, I have the same problem the other users in this topic encountered. I ran scans with all the tools I know, besides Avast obviously, without solving the problem. I attach the results of the FRST scans. I hope you can help me.
Thanks in advance

Hi,
please open a new topic next time.
I have asked a malware removal specialist to check your logs.
As soon as he does, he will tell you how to proceed.

Hi guys... same problem... :frowning: help me please... :frowning: I attach my log files

@ sartoridaniele1990

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Startup: C:\Users\Stellina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Portrait Professional 10.9.5 crack.lnk [2015-05-11]
ShortcutTarget: Portrait Professional 10.9.5 crack.lnk -> C:\ProgramData\{7f5d14fd-f5f3-e667-7f5d-d14fdf5f53f7}\Portrait Professional 10.9.5 crack.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2015-05-29 22:42 - 2015-05-29 22:43 - 00000000 ____D C:\Users\Stellina\AppData\Local\Chromium
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

@n.ursoleo https://forum.avast.com/index.php?topic=172529.new#new
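The fix above removes a Startup-folder shortcut ("Portrait Professional 10.9.5 crack.lnk") whose target under C:\ProgramData\{GUID}\ no longer exists; FRST flags this as "ShortcutTarget: ... (No File)". The following PowerShell script is an added example, not part of the original post or of FRST: it reads every .lnk in the per-user and all-users Startup folders through the WScript.Shell COM object and reports those whose target is missing, or whose target lives in a GUID-named folder under ProgramData, which is the pattern seen in this fixlist. It assumes it is run in the affected user's own session (the per-user Startup folder is resolved from that profile) and that the ProgramData GUID pattern is a heuristic, not proof of infection.

```powershell
# Added example (not from the forum thread or FRST): list Startup-folder shortcuts
# whose target file is gone or sits in a GUID-named folder under ProgramData.
# Assumption: run as the affected user; the GUID-folder pattern is a heuristic only.
function Get-SuspiciousStartupShortcuts {
    $folders = @(
        [Environment]::GetFolderPath('Startup'),        # this user's Start Menu\Programs\Startup
        [Environment]::GetFolderPath('CommonStartup')   # all-users Startup
    )
    $shell = New-Object -ComObject WScript.Shell

    foreach ($folder in $folders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        foreach ($lnk in Get-ChildItem -LiteralPath $folder -Filter *.lnk -File -ErrorAction SilentlyContinue) {
            # CreateShortcut on an existing .lnk opens it for reading; TargetPath is the resolved target.
            $target = $shell.CreateShortcut($lnk.FullName).TargetPath
            if (-not $target) { continue }

            $missing = -not (Test-Path -LiteralPath $target)
            # ProgramData\{guid}\ is the drop location used by the shortcut in the fix above.
            $guidDir = $target -match '\\ProgramData\\\{[0-9A-Fa-f-]+\}\\'

            if ($missing -or $guidDir) {
                [pscustomobject]@{
                    Shortcut      = $lnk.FullName
                    Target        = $target
                    TargetMissing = $missing
                    GuidFolder    = $guidDir
                    Created       = $lnk.CreationTime
                }
            }
        }
    }
}

# Usage: print each flagged shortcut; nothing printed means the Startup folders look clean.
Get-SuspiciousStartupShortcuts | Format-List
```

A shortcut whose target is already missing is harmless on its own, but it records where the payload was dropped; the GUID folder itself and whatever created the shortcut are what the rest of the fixlist and AdwCleaner go after.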

All OK... thanks

@essexboy

I've done the fix. I attach the fixlog, and I will let you know if I have any further problem. Thanks for the assistance.

Are both now clear ?

@essexboy
seems fixed. Thank you again :wink:

Good evening, I have the same problem too...

I attach both logs generated with FRST64.

Thanks in advance for the help!!