Problem with UDCONN.DLL

Discussion in 'adware, spyware & hijack cleaning' started by aguirre, Jun 18, 2004.

Thread Status:
Not open for further replies.
  1. aguirre

    aguirre Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    1
    I follow the steps 1, 2 and 3. https://www.wilderssecurity.com/showthread.php?t=15913

    Here is my LOG:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:12:17, on 18/06/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\ARQUIV~1\AVG6\avgserv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\VTTimer.exe
    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
    C:\Arquivos de programas\Image Transfer\SonyTray.exe
    C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE
    C:\ARQUIV~1\AVG6\AVGCC32.EXE
    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Arquivos de programas\FlipAlbum 5 Pro Eval\fplaunch.dll
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll
    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [NetComm] C:\Arquivos de programas\NetComm\NetComm.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\ARQUIV~1\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [Tomar Agua] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.156\Tomar_Agua.exe
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Administrador\Desktop\Info - Downloads\FreeRAM XP Pro 1.40.exe" -win
    O4 - Startup: Inicialização do Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Image Transfer.lnk = C:\Arquivos de programas\Image Transfer\SonyTray.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38069.4635185185
    O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - http://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab
    O16 - DPF: {BCCE01E6-3B40-4D4A-B534-1A83745C1B75} (TecladoVirtual Class) - https://ww4.banrisul.com.br/bto/link/msie/btophkxw.cab
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
    O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - file://C:\Arquivos de programas\OpenCube\Visual QuickMenu Pro\program\comdlg32.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA441C65-37EB-4AA6-98B1-91BCCF7BF23F}: NameServer = 200.176.2.10,200.176.2.12

    HELP!!!
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
Thread Status:
Not open for further replies.