[Resolvido] Malware forcando falsa atualização dos navegadores

[Spyder.RV 0]

Boa tarde.

 

Ao acessar sites, todos os navegadores apresentam mensagem que o navegador precisa ser atualizado e redirecionam para um endereço com final /Update dentro do site que foi acessado. Exemplo: ao acessar www.uol.com.br ele coloca www.uol.com.br/Update

mesmo o endereço nem existindo nos sites eles aparecem na barra de endereço dos navegadores; e em alguns sites como google.com, bing.com ele nem faz isso e já nem conecta no site dando erro de acesso.

 

O problema aaconteceu no Chrome, Firefox e IE. Eu já passei varios antivirus e algumas ferramentas de remoção de malware mas o problema persiste.

 

Segue log do HijackThis abaixo:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:04:22, on 26/10/2015

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.18057)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Samsung\Easy Software Manager

\SWMAgent.exe

C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe

C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe

C:\Program Files (x86)\Samsung\Easy Settings

\MovieColorEnhancer.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Samsung\Easy Settings

\EasySpeedUpManager.exe

C:\Program Files (x86)\Samsung\Samsung Recovery Solution

5\WCScheduler.exe

C:\Program Files (x86)\Samsung\Easy Support Center

\SSCKbdHk.exe

C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE

C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer

\Main,Default_Page_URL = http://samsung.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search

Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer

\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?

LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer

\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search

Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start

Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer

\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer

\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local

Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer

\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-

12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files

(x86)\Microsoft Office\Office15\OCHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-

B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java

\jre1.8.0_45\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-

D17F00898D06} - C:\Program Files\AVAST Software\Avast

\aswWebRepIE.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-

42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-

B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN

\gbieh.dll

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-

45B7-42AE-A9AA-ABA463DBD3BF} - C:

\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-

435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java

\jre1.8.0_45\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox

\Client\Dropbox.exe" /systemstartup

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST

Software\Avast\AvastUI.exe" /nogui

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files

(x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows

\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows

\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: &Enviar para o OneNote -

res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft

Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-

4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft

Office\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote -

{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files

(x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0

-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files

(x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync -

{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files

(x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra button: &Anotações Vinculadas do OneNote -

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files

(x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote

- {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files

(x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated

graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: http://www.bb.com.br

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1}

- C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

O18 - Protocol: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520}

- C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll

O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-

00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft

Shared\OFFICE15\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files

(x86)\GbPlugin\gbieh.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice)

- Adobe Systems Incorporated - C:\Program Files (x86)\Common

Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service

(AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated -

C:\windows\SysWOW64\Macromed\Flash

\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) -

Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 +

High Speed Service (AMPPALR3) - Intel Corporation - C:

\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST

Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast

Software - C:\Program Files\AVAST Software\Avast\ng\vbox

\AvastVBoxSVC.exe

O23 - Service: Bluetooth Device Monitor - Intel Corporation -

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

O23 - Service: Bluetooth Media Service - Intel Corporation -

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

O23 - Service: Bluetooth OBEX Service - Intel Corporation -

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0

+ High Speed Security Service (BTHSSecurityMgr) - Intel®

Corporation - C:\Program Files\Intel\BluetoothHS

\BTHSSecurityMgr.exe

O23 - Service: Serviço Atualização do Dropbox (dbupdate)

(dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox

\Update\DropboxUpdate.exe

O23 - Service: Serviço Atualização do Dropbox (dbupdatem)

(dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox

\Update\DropboxUpdate.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) -

Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) -

Intel® Corporation - C:\Program Files\Intel\WiFi\bin

\EvtEng.exe

O23 - Service: ExpressCache - Diskeeper Corporation - C:

\Program Files\Diskeeper Corporation\ExpressCache

\ExpressCache.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax)

- Unknown owner - C:\windows\system32\fxssvc.exe (file

missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:

\Program Files (x86)\WildGames\Game Console - WildGames

\GameConsoleService.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:

\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) -

Google Inc. - C:\Program Files (x86)\Google\Update

\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem)

- Google Inc. - C:\Program Files (x86)\Google\Update

\GoogleUpdate.exe

O23 - Service: @%SystemRoot%

\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService)

- Unknown owner - C:\windows\system32\IEEtwCollector.exe

(file missing)

O23 - Service: FF Install Filter Service

(InstallFilterService) - Unknown owner - C:\Program Files

(x86)\STMicroelectronics\Accelerometer

\InstallFilterService.exe

O23 - Service: Intel® Rapid Start Technology Service

(irstrtsv) - Intel Corporation - C:\windows

\SysWOW64\irstrtsv.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner -

C:\windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application

Local Management Service (LMS) - Intel Corporation - C:

\Program Files (x86)\Intel\Intel® Management Engine

Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes - C:\Program Files

(x86)\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service

(MozillaMaintenance) - Mozilla Foundation - C:\Program Files

(x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner -

C:\windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) -

Unknown owner - C:\Program Files\Intel\WiFi\bin

\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102

(Netlogon) - Unknown owner - C:\windows\system32\lsass.exe

(file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300

(ProtectedStorage) - Unknown owner - C:\windows

\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service

(RegSrvc) - Intel® Corporation - C:\Program Files\Common

Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2

(RpcLocator) - Unknown owner - C:\windows

\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) -

Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Service KMSELDI - Unknown owner - C:\Program

Files\KMSpico\Service_KMS.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype

Technologies - C:\Program Files (x86)\Skype\Updater

\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3

(SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe

(file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1

(Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe

(file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101

(sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe

(file missing)

O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH -

C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101

(UI0Detect) - Unknown owner - C:\windows

\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application

User Notification Service (UNS) - Intel Corporation - C:

\Program Files (x86)\Intel\Intel® Management Engine

Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003

(VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe

(file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) -

Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: VNC Server (vncserver) - RealVNC Ltd - C:

\Program Files\RealVNC\VNC Server\vncserver.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) -

Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:

\Program Files\Diebold\Warsaw\core.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601

(WatAdminSvc) - Unknown owner - C:\windows\system32\Wat

\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104

(wbengine) - Unknown owner - C:\windows\system32\wbengine.exe

(file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110

(wmiApSrv) - Unknown owner - C:\windows\system32\wbem

\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player

\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:

\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file

missing)

--

End of file - 12657 bytes

 

[Spyder.RV 0]

Opa, boa noite. O Notebook está no escritório. Amanhã eu faço o procedimento. Obrigado

[Spyder.RV 0]

Este notebook é particular ou de uma empresa ?

 

É particular mas estava na empresa.

[Spyder.RV 0]

Boa tarde.

 

Segue link do relatório do ZHPDiag:

 

http://www.cjoint.com/c/EJEte78DRMb

[Spyder.RV 0]

Boa tarde.

 

Agradeço a atenção excepcional prestada nesse tópico. Porém o equipamento precisará ser formatado por outras razões então não há motivo para continuar com os procedimentos.

 

Solicito o fechamento do tópico!