@
luizfreazaDo you understand English? Please continue with my instructions:
You need to uninstall this adware software:
WebCake 3.00 (Version: 3.00)Then go to your browser setting ( firefox & chrome ) and remove
all uknown extensions for you.
---------------------------
Your USB devices are infected:
> Check USB storage devices / removable drives
Download
MCShield from one of the following links:
MyCity - Official download link Softpedija - Mirror download link - Double click MCShield-Setup to install the application.
- Wait a few seconds to MCShield finish initial scan.
Recommendation to under General and Scanner tab you click on Defaults button to choose recommended options.- Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When all scanning is done, you need to attach a logreport that has made MCShield.
Start -> All Programs -> MCShield -> Logs
Attach here ->
AllScans.txtExplanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc. =========== Next =========Open notepad.
Click Start
Type notepad.exe in the search programs and files box and click Enter.
A blank Notepad page should open.
Copy - paste the content below;
HKCU\...\Run: [WebCake Desktop] "C:\Users\Luiz\AppData\Roaming\WebCake\WebCakeDesktop.exe" [47896 2013-06-07] (WebCake LLC)
MountPoints2: {15ae44d4-3cb1-11e2-ad6e-9439e5fcae5c} - F:\setup.exe
MountPoints2: {15ae493f-3cb1-11e2-ad6e-9439e5fcae5c} - E:\AutoRun.exe
MountPoints2: {15ae4965-3cb1-11e2-ad6e-9439e5fcae5c} - G:\AutoRun.exe
MountPoints2: {c9f07698-3f02-11e2-80c2-9439e5fcae5c} - E:\AutoRun.exe
BHO-x32: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
CHR Extension: (WebCake) - C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0
R2 WebCake Desktop Updater; C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe [23552 2013-06-07] (WebCake LLC)
C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
C:\Users\Luiz\AppData\Roaming\WebCake
C:\Program Files (x86)\WebCake
E:\AutoRun.exe
G:\AutoRun.exe
C:\AutoRun.exe
D:\AutoRun.exe
F:\AutoRun.exe
Save this as fixlist.txt in the same folder where you saved FRST.exefixlist.txt must be in the same location where FRST.exe tool is!
Double-click to run FRST.exe.
[/list]
Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt and will keep that log in the same folder where FRST.exe is.
> Attach here fixlog.txt logreport.
=========== Next =========- Re-run TDSSKiller.exe and click on Change parametres.
- Under Additional options check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
- Click on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and attach the contents of it into your next reply
Note:It will also create a log in the C:\ directory.=========== Next =========Re-run FRST adn attach here fresh FRST.txt log for analyst.