Problem with UDCONN.DLL

Discussion in 'adware, spyware & hijack cleaning' started by aguirre, Jun 18, 2004.

Thread Status:
Not open for further replies.
  1. aguirre

    aguirre Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    1
    I follow the steps 1, 2 and 3. https://www.wilderssecurity.com/showthread.php?t=15913

    Here is my LOG:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:12:17, on 18/06/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\ARQUIV~1\AVG6\avgserv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\VTTimer.exe
    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
    C:\Arquivos de programas\Image Transfer\SonyTray.exe
    C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE
    C:\ARQUIV~1\AVG6\AVGCC32.EXE
    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Arquivos de programas\FlipAlbum 5 Pro Eval\fplaunch.dll
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll
    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [NetComm] C:\Arquivos de programas\NetComm\NetComm.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\ARQUIV~1\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [Tomar Agua] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.156\Tomar_Agua.exe
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Administrador\Desktop\Info - Downloads\FreeRAM XP Pro 1.40.exe" -win
    O4 - Startup: Inicialização do Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Image Transfer.lnk = C:\Arquivos de programas\Image Transfer\SonyTray.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38069.4635185185
    O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - http://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab
    O16 - DPF: {BCCE01E6-3B40-4D4A-B534-1A83745C1B75} (TecladoVirtual Class) - https://ww4.banrisul.com.br/bto/link/msie/btophkxw.cab
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
    O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - file://C:\Arquivos de programas\OpenCube\Visual QuickMenu Pro\program\comdlg32.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA441C65-37EB-4AA6-98B1-91BCCF7BF23F}: NameServer = 200.176.2.10,200.176.2.12

    HELP!!!
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,425
    Location:
    Netherlands
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.