
Thread: Click.giftload problem

  #21 | Junior Member | Joined Mar 2011 | Posts: 26

    Step 3:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=f86c65659a625c4caf5bcb5a3567e80e
    # end=stopped
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-03-29 07:09:41
    # local_time=2011-03-29 09:09:41 (+0100, Paris, Madrid (heure d'été))
    # country="France"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=770 16774141 100 100 128665 78088408 0 0
    # compatibility_mode=8192 67108863 100 0 140 140 0 0
    # scanned=8698
    # found=0
    # cleaned=0
    # scan_time=457
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=f86c65659a625c4caf5bcb5a3567e80e
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-03-29 04:00:56
    # local_time=2011-03-29 06:00:56 (+0100, Paris, Madrid (heure d'été))
    # country="France"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=770 16774141 100 100 152644 78112387 0 0
    # compatibility_mode=8192 67108863 100 0 24119 24119 0 0
    # scanned=148827
    # found=6
    # cleaned=0
    # scan_time=8354
    C:\Qoobox\Quarantine\C\WINDOWS\msaptil.dll.vir a variant of Win32/Cimag.GJ trojan (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DF0593A6-6EDC-406B-9729-E58A03DB95AD}\RP728\A0150353.dll Win32/Agent.OLR trojan (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DF0593A6-6EDC-406B-9729-E58A03DB95AD}\RP728\A0150354.dll Win32/Agent.OLR trojan (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DF0593A6-6EDC-406B-9729-E58A03DB95AD}\RP729\A0154353.exe a variant of Win32/Kryptik.LYM trojan (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{DF0593A6-6EDC-406B-9729-E58A03DB95AD}\RP729\A0154425.dll a variant of Win32/Cimag.GJ trojan (unable to clean) 00000000000000000000000000000000 I
    M:\System Volume Information\_restore{DF0593A6-6EDC-406B-9729-E58A03DB95AD}\RP729\A0154423.EXE Win32/AutoRun.VB.EF worm (unable to clean) 00000000000000000000000000000000 I
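
The log above is what a helper reads by hand. As an added example that is not part of this thread and not ESET's tooling, the script below parses that log (embedded, minus the banner lines the parser ignores) and sorts each detection by where it lives, because that is what decides whether anything is still active: the ComboFix quarantine (C:\Qoobox\Quarantine) and the System Restore snapshots (System Volume Information\_restore{...}) are both wiped by the cleanup procedure that follows, while a hit anywhere else would need more work. The location classes are the example's own heuristics, not something ESET reports.

```python
"""Parse an ESET Online Scanner log and triage what it found.

Added example for this thread; it is not ESET's tooling and not something
the poster ran.  ESET_LOG is the log from the post above (the banner and
timing lines the parser does not use are left out); it is embedded so the
script runs offline.  The location classes in classify() are this
example's own heuristics, not anything ESET reports.
"""
import re
from collections import Counter

ESET_LOG = r"""
# version=7
# end=stopped
# unsafe_checked=true
# scanned=8698
# found=0
# cleaned=0
# version=7
# end=finished
# unsafe_checked=false
# scanned=148827
# found=6
# cleaned=0
C:\Qoobox\Quarantine\C\WINDOWS\msaptil.dll.vir a variant of Win32/Cimag.GJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DF0593A6-6EDC-406B-9729-E58A03DB95AD}\RP728\A0150353.dll Win32/Agent.OLR trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DF0593A6-6EDC-406B-9729-E58A03DB95AD}\RP728\A0150354.dll Win32/Agent.OLR trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DF0593A6-6EDC-406B-9729-E58A03DB95AD}\RP729\A0154353.exe a variant of Win32/Kryptik.LYM trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DF0593A6-6EDC-406B-9729-E58A03DB95AD}\RP729\A0154425.dll a variant of Win32/Cimag.GJ trojan (unable to clean) 00000000000000000000000000000000 I
M:\System Volume Information\_restore{DF0593A6-6EDC-406B-9729-E58A03DB95AD}\RP729\A0154423.EXE Win32/AutoRun.VB.EF worm (unable to clean) 00000000000000000000000000000000 I
"""

# "# key=value" header lines; each "# version=" line opens a new scan run.
HEADER_RE = re.compile(r"^# ([\w.]+)=(.*)$")

# "<path> [a variant of ]<family> <category> (<action>) <md5> <flag>".
# The path may contain spaces, so it is matched lazily and the threat name
# is anchored on the "Win32/..." family token that follows it.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?(?P<threat>\S+/\S+ \w+) "
    r"\((?P<action>[^)]+)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S)$"
)
RESTORE_RE = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore\{")
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"


def classify(path):
    """Where a detection lives.  Only 'live' means something is still on the
    running system; the other two are wiped by the thread's final cleanup
    (ComboFix /Uninstall removes its Qoobox quarantine and resets System
    Restore, which discards the _restore{...} snapshots)."""
    if RESTORE_RE.match(path):
        return "restore_point"
    if path.lower().startswith(QUARANTINE_PREFIX):
        return "combofix_quarantine"
    return "live"


def parse_log(text):
    """Return (runs, findings, unparsed): one dict per scan run, one dict per
    detection line, and the lines neither pattern matched (ESET's banner
    lines, for example)."""
    runs, findings, unparsed = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            key, value = m.groups()
            if key == "version" or not runs:
                runs.append({})
            runs[-1][key] = int(value) if value.isdigit() else value.strip('"')
            continue
        m = DETECTION_RE.match(line)
        if m:
            hit = m.groupdict()
            hit["run"] = len(runs) - 1
            hit["location"] = classify(hit["path"])
            hit["drive"] = hit["path"][0].upper()
            findings.append(hit)
        else:
            unparsed.append(line)
    return runs, findings, unparsed


def triage(text):
    """The summary a helper wants before calling the machine clean: did the
    scan finish, does the found= count match the lines, where are the hits."""
    runs, findings, unparsed = parse_log(text)
    finished = [r for r in runs if r.get("end") == "finished"]
    return {
        "runs": len(runs),
        "finished_runs": len(finished),
        "reported_found": sum(r.get("found", 0) for r in finished),
        "parsed_findings": len(findings),
        "unparsed_lines": len(unparsed),
        "by_location": dict(Counter(f["location"] for f in findings)),
        "by_drive": dict(Counter(f["drive"] for f in findings)),
        "families": sorted({f["threat"].split()[0] for f in findings}),
        "live_paths": [f["path"] for f in findings if f["location"] == "live"],
    }


if __name__ == "__main__":
    for key, value in triage(ESET_LOG).items():
        print(f"{key}: {value}")
```

On this log the first run ends with end=stopped (the scan was aborted) and is ignored; the second run's six hits are one file already in the ComboFix quarantine and five restore-point copies (one of them an AutoRun worm on the M: drive), so live_paths comes back empty and the helper's "we are done" in the next post is consistent with the log.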

  #22 | Emeritus - Malware Team | Buenos Aires, Argentina | Joined May 2009 | Posts: 340

    Well done Kvitrafn, we are done.


    Please follow this last procedure (this will also remove threats found by ESET):


    Step 1 | Delete ComboFix and Clean Up

    The following will implement some cleanup procedures as well as reset System Restore points. Click Start > Run and copy/paste the following text into the Run box and click OK:

    ComboFix /Uninstall

    Please advise if this step is missed for any reason as it performs some important actions.


    Step 2 | Please download OTC by OldTimer to your desktop and run it
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
    • Also, please manually delete the following files on your desktop (move the files to the bin or right-click the files and choose "Send to recycle bin"):
      • aswMBR.exe
      • MBRCheck.exe
      • aswMBR logfile
      • The logfile generated by MBRCheck (MBRCheck_mm.dd.yy_hh.mm.ss.txt)


    Step 3 | Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
    • Download the latest version of Adobe Reader (Version X) and save it to your desktop.
    • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered.
    • Click the download button at the bottom.
    • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
    • Remove all older versions of Adobe Reader: go to Add/Remove Programs and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    • If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
    • Then from your desktop double-click on Adobe Reader to install the newest version.
    • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the "Adobe Setup - Welcome" window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    • Once the installation is finished, open Adobe Reader and accept the warranty if prompted.
    • Click on Help and select Check for Updates.
    • A window will open and Adobe will check for Updates. If any updates are found to be available click on Download.
    • Once the update is downloaded you will get a system notification telling you so. Click on the popup to restore the window.
    • In the window that opens click Install.
    • Once the update is done click Close.
    • Your Adobe Reader is updated now.



    Step 4 | Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java components and update.

    • Click on the following link to visit java website: Java Runtime Environment (JRE) 6
    • Scroll down to where it says "JDK 6 Update 24 (JDK or JRE)".
    • Click the "Download" button to the right column (JRE).
    • Select the Windows platform from the dropdown menu.
    • Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the recently downloaded java installer icon to install the newest version.
    • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (it looks like a coffee cup).
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button.
      • There are two options in the window to clear the cache. Leave BOTH checked:
        • Applications and Applets
        • Trace and Log Files
      • Click OK on the Delete Temporary Files window. Note: this deletes ALL the downloaded applications and applets from the cache.
      • Click OK to leave the Temporary Files window.
      • Click OK to leave the Java Control Panel.



    Step 5 | I don't see any evidence of a 3rd Party Firewall installed on your computer. If you have one installed, make sure it's functioning properly. As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access from the outside world. Firewalls protect against hackers and malicious intruders.

    If you do not have a firewall installed...
    I strongly recommend you download a free (for personal use) firewall NOW that monitors traffic in both directions... from one of these vendors:

    • Comodo (Is now bundled with AV software, toolbar and search provider. Opt to install only the firewall software... uncheck the rest)
    • Online Armor Free (Free version at bottom of page (XP/Vista/W7 (32bit).) 64bit version not available yet. Some reported conflicts with Avira AntiVir.
    • ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)
    • Ashampoo


    If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a very basic firewall. This (XP) firewall is NO replacement for a dedicated software solution. Remember to install and have active, only one firewall at the same time. If you install one of these firewalls, remember to turn off Windows' firewall.


    Last Step | Now, in order to avoid future infections, please take time to read the following article:

    So how did I get infected in the first place?

    Thank you for your patience, and for performing all of the procedures requested. I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --
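
Steps 3 and 4 above come down to one check: which installed Java and Adobe Reader entries are older than the versions the steps point to. The script below is an added example, not part of the thread and not code the helper or the poster used. It applies that check to a constructed list of Add/Remove Programs display names and, on Windows, reads the real names from the HKLM Uninstall registry keys instead. It assumes the current Adobe Reader major version is 10 (Reader X) and the target Java is JRE 6 Update 24, the versions the steps name; both are parameters so the rule survives later releases.

```python
"""List the outdated Java and Adobe Reader installs that the two update
steps above say to remove before installing the current versions.

Added example, not part of the thread.  SAMPLE_PROGRAMS is a constructed
list shaped like Add/Remove Programs display names; on Windows,
installed_programs() reads the real names from the HKLM Uninstall keys
instead.  The rules encode the two steps: every Adobe Reader/Acrobat entry
older than the current major version (Reader X = 10, an assumption here)
goes, and of the Java entries only the newest stays, and only if it is at
least the JRE 6 Update 24 the step links to.
"""
import re
import sys

SAMPLE_PROGRAMS = [  # constructed sample input, not from the poster's machine
    "Adobe Reader 8.1.2",
    "Adobe Reader 9.3.4",
    "CCleaner",
    "J2SE Runtime Environment 5.0 Update 6",
    "Java(TM) 6 Update 13",
    "Java(TM) 6 Update 24",
    "Java(TM) SE Runtime Environment 6 Update 3",
    "JavaFX 2.0 Runtime",
    "Malwarebytes' Anti-Malware",
]

# Names Sun/Oracle used for the JRE over the years ("JavaFX ..." is not one).
JAVA_NAME_RE = re.compile(r"^(?:J2SE|Java)\b", re.I)
# "5.0 Update 6" / "6 Update 24" / "6" -> (major, update); Update defaults to 0.
JAVA_VER_RE = re.compile(r"\b(\d+)(?:\.0)?(?:\s+Update\s+(\d+))?\b")
ADOBE_NAME_RE = re.compile(r"^(?:Adobe (?:Acrobat )?Reader|Adobe Acrobat|Acrobat Reader)\b", re.I)
DOTTED_VER_RE = re.compile(r"\b(\d+)\.\d+")  # "8.1.2" -> 8, "X (10.0.1)" -> 10

UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",  # 32-bit apps on 64-bit Windows
)


def java_version(name):
    m = JAVA_VER_RE.search(name)
    return (int(m.group(1)), int(m.group(2) or 0)) if m else (0, 0)


def adobe_major(name):
    m = DOTTED_VER_RE.search(name)
    return int(m.group(1)) if m else 0


def stale_installs(names, latest_java=(6, 24), current_reader_major=10):
    """Return [(display name, reason)] for the entries the cleanup removes."""
    stale, java = [], []
    for name in names:
        if JAVA_NAME_RE.match(name):
            java.append((java_version(name), name))
        elif ADOBE_NAME_RE.match(name) and adobe_major(name) < current_reader_major:
            stale.append((name, "old Adobe Reader/Acrobat; remove before installing the current version"))
    if java:
        newest_ver, newest_name = max(java)
        for ver, name in java:
            if ver < newest_ver:
                stale.append((name, f"superseded by {newest_name}"))
            elif ver < latest_java:
                stale.append((name, f"older than JRE {latest_java[0]} Update {latest_java[1]}"))
    return stale


def installed_programs():
    """Display names as Add/Remove Programs shows them.  Off Windows the
    constructed sample is returned so the example still runs."""
    if sys.platform != "win32":
        return list(SAMPLE_PROGRAMS)
    import winreg  # Windows-only module
    names = []
    for key_path in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path)
        except OSError:
            continue  # key absent (no WOW6432Node on 32-bit XP)
        with root:
            for i in range(winreg.QueryInfoKey(root)[0]):
                try:
                    with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                        names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
                except OSError:
                    continue  # entry without a DisplayName (hidden/partial install)
    return names


if __name__ == "__main__":
    for name, reason in stale_installs(installed_programs()):
        print(f"remove: {name}  ({reason})")
```

The point of keeping the newest JRE rather than removing everything is the failure mode in Step 4 itself: a machine can carry several JRE 6 updates side by side, and a leftover older update stays reachable by browser plug-ins even after the newest one is installed, so each one has to be removed in Add/Remove Programs before the reboot.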

  #23 | Junior Member | Joined Mar 2011 | Posts: 26

    Steps 1 & 2: done

    I have a Spybot alert when I try to install Adobe.

  #24 | Emeritus - Malware Team | Buenos Aires, Argentina | Joined May 2009 | Posts: 340

    Quote (originally posted by Kvitrafn):
    > Steps 1 & 2: done
    >
    > I have a Spybot alert when I try to install Adobe.

    The link I gave you is safe. Can you skip the alert?
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  #25 | Junior Member | Joined Mar 2011 | Posts: 26

    I don't know, I'll try. But the link doesn't load the exe anymore :/

  #26 | Junior Member | Joined Mar 2011 | Posts: 26

    Step 4: done

    Last step: done

    I'll try step 3 again now.

  #27 | Emeritus - Malware Team | Buenos Aires, Argentina | Joined May 2009 | Posts: 340

    Quote (originally posted by Kvitrafn):
    > But the link doesn't load the exe anymore :/
    I'm sorry.. What do you mean?

    Did Spybot flag the alert during installation or during the file's download?
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  #28 | Junior Member | Joined Mar 2011 | Posts: 26

    Step 3 is now done. I rebooted and tried again, and there was no problem this time...

    About step 5, it seems that I don't have a firewall; that's weird, I thought I had one!

    Should/can I remove these files:

    Attach.txt
    log from ComboFix
    GMER.exe
    MBR.txt
    MBR.dat

    and uninstall this software:
    CCleaner
    Malwarebytes' Anti-Malware

    ?

  #29 | Emeritus - Malware Team | Buenos Aires, Argentina | Joined May 2009 | Posts: 340

    Yes, you can delete those files and uninstall those programs. You can also uninstall ESET Online Scanner, if present.
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  #30 | Junior Member | Joined Mar 2011 | Posts: 26

    All right.

    Thanks A LOT for your time and help.
