@ luizfreaza
Do you understand English? Please continue with my instructions:
You need to uninstall this adware software:
WebCake 3.00 (Version: 3.00)
Then go to your browser setting ( firefox & chrome ) and remove all uknown extensions for you.
Your USB devices are infected:
Check USB storage devices / removable drives
Download MCShield from one of the following links:
MyCity - Official download link
Softpedija - Mirror download link
[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds to MCShield finish initial scan.
Recommendation to under General and Scanner tab you click on Defaults button to choose recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When all scanning is done, you need to attach a logreport that has made MCShield.
Start → All Programs → MCShield → Logs
Attach here → AllScans.txt
Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
=========== Next =========
Open notepad.
Click Start
Type notepad.exe in the search programs and files box and click Enter.
A blank Notepad page should open.
Copy - paste the content below;
HKCU\...\Run: [WebCake Desktop] "C:\Users\Luiz\AppData\Roaming\WebCake\WebCakeDesktop.exe" [47896 2013-06-07] (WebCake LLC)
MountPoints2: {15ae44d4-3cb1-11e2-ad6e-9439e5fcae5c} - F:\setup.exe
MountPoints2: {15ae493f-3cb1-11e2-ad6e-9439e5fcae5c} - E:\AutoRun.exe
MountPoints2: {15ae4965-3cb1-11e2-ad6e-9439e5fcae5c} - G:\AutoRun.exe
MountPoints2: {c9f07698-3f02-11e2-80c2-9439e5fcae5c} - E:\AutoRun.exe
BHO-x32: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
CHR Extension: (WebCake) - C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0
R2 WebCake Desktop Updater; C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe [23552 2013-06-07] (WebCake LLC)
C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
C:\Users\Luiz\AppData\Roaming\WebCake
C:\Program Files (x86)\WebCake
E:\AutoRun.exe
G:\AutoRun.exe
C:\AutoRun.exe
D:\AutoRun.exe
F:\AutoRun.exe
[u]Save this as [b]fixlist.txt[/b] in the same folder where you saved [b]FRST.exe[/b][/u]
fixlist.txt must be in the same location where FRST.exe tool is!
Double-click to run FRST.exe.
Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt and will keep that log in the same folder where FRST.exe is.
Attach here fixlog.txt logreport.
=========== Next =========
[*]Re-run TDSSKiller.exe and click on Change parametres.
[*]Under Additional options check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
[*]Click on Start Scan.
[*]If an infected file is detected, the default action will be Cure, click on Continue.
[*]If a suspicious file is detected, the default action will be Skip, click on Continue.
[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.
[*]Click the Report button and attach the contents of it into your next reply
Note:It will also create a log in the [b]C:[/b] directory.
=========== Next =========
Re-run FRST adn attach here fresh FRST.txt log for analyst.