This webssearchs showed up in my browsers. I ran AdwCleaner and JRT. Here are the logs:
# AdwCleaner v4.001 - Relatório criado 22/10/2014 às 16:46:32
# Atualizado 20/10/2014 por Xplode
# Banco de dados : 2014-10-21.1
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Rafael - RAFAEL-PC
# Executando de : C:\Users\Rafael\Desktop\adwcleaner_4.001.exe
# Opção : Examinar
***** [ Serviços ] *****
Serviço Encontrado : globalUpdate
Serviço Encontrado : globalUpdatem
***** [ Arquivos / Pastas ] *****
Arquivo Encontrado : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Arquivo Encontrado : C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Encontrado : C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Pasta Encontrado : C:\Program Files (x86)\PennyBee
Pasta Encontrado : C:\Program Files (x86)\SmartSaver+ 3.5
Pasta Encontrado : C:\ProgramData\Online
Pasta Encontrado : C:\Users\Public\Documents\baidu
Pasta Encontrado : C:\Users\Rafael\AppData\Local\Genesis_10221817
Pasta Encontrado : C:\Users\Rafael\AppData\Local\globalUpdate
Pasta Encontrado : C:\Users\Rafael\AppData\Roaming\eCyber
Pasta Encontrado : C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tx4sr6xr.default\Extensions\[email]bff772e6677247908d08bf6893@09970427648447999c4d8f4e3f7ec.com[/email]
Pasta Encontrado : C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tx4sr6xr.default\Extensions\[email]faststartff@gmail.com[/email]
***** [ Tarefas ] *****
Tarefa Encontrada : globalUpdateUpdateTaskMachineCore
Tarefa Encontrada : globalUpdateUpdateTaskMachineUA
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-1
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-11
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-2
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-3
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-4
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-5
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-5_user
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-6
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-7
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Encontrada : HKCU\Software\AppDataLow\Software\Crossrider
Chave Encontrada : HKCU\Software\AppDataLow\Software\SmartSaver+ 3.5
Chave Encontrada : HKCU\Software\genesis
Chave Encontrada : HKCU\Software\GlobalUpdate
Chave Encontrada : HKCU\Software\Headlight
Chave Encontrada : HKCU\Software\InstalledBrowserExtensions
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611481185}
Chave Encontrada : HKCU\Software\powerpack
Chave Encontrada : [x64] HKCU\Software\genesis
Chave Encontrada : [x64] HKCU\Software\GlobalUpdate
Chave Encontrada : [x64] HKCU\Software\Headlight
Chave Encontrada : [x64] HKCU\Software\InstalledBrowserExtensions
Chave Encontrada : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : [x64] HKCU\Software\powerpack
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611481185}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622482285}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655485585}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666486685}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644484485}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644484485}
Chave Encontrada : HKLM\SOFTWARE\GlobalUpdate
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chave Encontrada : HKLM\SOFTWARE\InstalledBrowserExtensions
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\WINDOWS\CURRENTVERSION\APP PATHS\PennyBee.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611481185}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartSaver+ 3.5
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Encontrada : HKLM\SOFTWARE\SmartSaver+ 3.5
Chave Encontrada : HKLM\SOFTWARE\webssearchesSoftware
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611481185}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622482285}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655485585}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666486685}
Chave Encontrada : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chave Encontrada : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Chave Encontrada : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611481185}
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [(Default)] - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://istart.webssearches.com/?type=sc&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://istart.webssearches.com/?type=sc&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985
Valor Encontrada : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email]faststartff@gmail.com[/email]]
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17280
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://istart.webssearches.com/web/?type=ds&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985&q={searchTerms}
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?type=ds&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985&q={searchTerms}
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://istart.webssearches.com/web/?type=ds&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985&q={searchTerms}
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://istart.webssearches.com/web/?type=ds&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985&q={searchTerms}
Configurações Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://istart.webssearches.com/web/?type=ds&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985&q={searchTerms}
Configurações Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985
Configurações Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985
Configurações Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?type=ds&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985&q={searchTerms}
-\\ Mozilla Firefox v22.0 (en-US)
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [13390 octets] - [22/10/2014 16:46:32]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13451 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Basic x64
Ran by Rafael on 22/10/2014 at 16:58:53,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Rafael\AppData\Roaming\getrighttogo"
~~~ FireFox
Successfully deleted the following from C:\Users\Rafael\AppData\Roaming\mozilla\firefox\profiles\tx4sr6xr.default\prefs.js
user_pref("browser.newtab.url", "hxxp://istart.webssearches.com/newtab/?type=nt&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985");
user_pref("browser.search.defaultenginename", "webssearches");
user_pref("browser.search.selectedEngine", "webssearches");
user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hp&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985");
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/10/2014 at 17:03:12,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Webssearchs infecting the PC
#1 By Oliveira.ibi...
22/10/2014 - 17:20