aze Posted May 9, 2008

Today my utorrent crashed. I did relaunch it but it crashed again. I tried to uninstall it and reinstall but the problem is still there. Any help would be nice.

Here is my hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:10, on 9/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\ping.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = NUMERICABLE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\prince\cftmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NounEq] C:\DOCUME~1\prince\APPLIC~1\DrawMfcd\body deaf about.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\prince\cftmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe

--
End of file - 4987 bytes

Process Explorer:

Process PID CPU Description Company Name
System Idle Process 0 96.92
Interrupts n/a Hardware Interrupts
DPCs n/a 1.54 Deferred Procedure Calls
System 4
smss.exe 616 Gestionnaire de session Windows NT Microsoft Corporation
csrss.exe 672 Client Server Runtime Process Microsoft Corporation
winlogon.exe 696 Application d'ouverture de session Windows NT Microsoft Corporation
services.exe 740 Applications Services et Contrôleur Microsoft Corporation
svchost.exe 920 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 996 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1096 Generic Host Process for Win32 Services Microsoft Corporation
wscntfy.exe 536 Windows Security Center Notification App Microsoft Corporation
svchost.exe 1144 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1188 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 256 Spooler SubSystem App Microsoft Corporation
avp.exe 560 Kaspersky Anti-Virus Kaspersky Lab
nvsvc32.exe 604 NVIDIA Driver Helper Service, Version 56.72 NVIDIA Corporation
wdfmgr.exe 1040 Windows User Mode Driver Manager Microsoft Corporation
alg.exe 664 Application Layer Gateway Service Microsoft Corporation
usnsvc.exe 2084 Messenger Sharing USN Journal Reader Service Microsoft Corporation
svchost.exe 3688 Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 752 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1616 Explorateur Windows Microsoft Corporation
avp.exe 1756 Kaspersky Anti-Virus Kaspersky Lab
jusched.exe 1828 Java Platform SE binary Sun Microsystems, Inc.
msmsgs.exe 1944 Windows Messenger Microsoft Corporation
spools.exe 1976
ctfmon.exe 2008 CTF Loader Microsoft Corporation
ping.exe 2412 Commande TCP/IP Ping Microsoft Corporation
ping.exe 1824 Commande TCP/IP Ping Microsoft Corporation
ping.exe 2256 Commande TCP/IP Ping Microsoft Corporation
ping.exe 2104 Commande TCP/IP Ping Microsoft Corporation
iexplore.exe 240 Internet Explorer Microsoft Corporation
rundll32.exe 2068 Exécuter une DLL en tant qu'application Microsoft Corporation
iexplore.exe 3844 Internet Explorer Microsoft Corporation
HijackThis.exe 2532 HijackThis Trend Micro Inc.
procexp.exe 3036 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
uTorrent.exe 3052 µTorrent BitTorrent, Inc.
procexp.exe 2516 1.54 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

Process: uTorrent.exe Pid: 3052

Name Description Company Name Version
ACTIVEDS.dll DLL de la couche de routage AD Microsoft Corporation 5.01.2600.2180
adsldpc.dll DLL C du fournisseur LDAP AD Microsoft Corporation 5.01.2600.2180
ADVAPI32.dll API avancées Windows 32 Microsoft Corporation 5.01.2600.2180
amvo0.dll
ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000
CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0258
COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2180
comdlg32.dll DLL commune de boîtes de dialogues Microsoft Corporation 6.00.2900.2180
COMRes.dll Microsoft Corporation 2001.12.4414.0258
credui.dll Interface utilisateur du gestionnaire d'informations d'identification Microsoft Corporation 5.01.2600.2180
CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180
ctype.nls
DBGHELP.DLL Windows Image Helper Microsoft Corporation 5.01.2600.2180
DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2180
dnsq.dll DNSQ Kaspersky Lab 7.00.0000.0119
ftp34.dll
GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.2180
hnetcfg.dll Gestionnaire de configuration de réseau domestique Microsoft Corporation 5.01.2600.2180
Iphlpapi.dll API de l'application d'assistance IP Microsoft Corporation 5.01.2600.2180
kernel32.dll DLL du client API BASE Windows NT Microsoft Corporation 5.01.2600.2180
locale.nls
miscr3.dll Kaspersky Anti-Virus Ring 3 Hooker Helper Kaspersky Lab 7.00.0000.0119
MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180
MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180
MSCTF.dll DLL de MSCTF Server Microsoft Corporation 5.01.2600.2180
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
mswsock.dll Fournisseur de service Sockets 2.0 de Microsoft Windows Microsoft Corporation 5.01.2600.2180
NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2180
netshell.dll Noyau des Connexions réseau Microsoft Corporation 5.01.2600.2180
ntdll.dll DLL Couche NT Microsoft Corporation 5.01.2600.2180
ole32.dll Microsoft OLE pour Windows Microsoft Corporation 5.01.2600.2180
oleaut32.dll Microsoft Corporation 5.01.2600.2180
R000000000007.clb
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2180
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.2180
rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
SETUPAPI.dll Installation de L'API Windows Microsoft Corporation 5.01.2600.2180
SHELL32.dll DLL commune du shell Windows Microsoft Corporation 6.00.2900.2180
shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.2180
SHLWAPI.dll Bibliothèque d'utilitaires légers du Shell Microsoft Corporation 6.00.2900.2180
sortkey.nls
sorttbls.nls
unicode.nls
USER32.dll DLL client de l'API Utilisateur de Windows XP Microsoft Corporation 5.01.2600.2180
uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.10054
uxtheme.dll Bibliothèque de thèmes Ux Microsoft Microsoft Corporation 6.00.2900.2180
VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
WININET.dll Extensions Internet pour Win32 Microsoft Corporation 6.00.2900.2180
WLDAP32.dll DLL API LDAP Win32 Microsoft Corporation 5.01.2600.2180
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
WS2HELP.dll Application d'assistance de Windows Socket 2.0 pour Windows NT Microsoft Corporation 5.01.2600.2180
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180
xpsp2res.dll Messages Service Pack 2 Microsoft Corporation 5.01.2600.2180

jewelisheaven Posted May 9, 2008

You're infected with bad/mal-ware

O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\prince\cftmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

Dunno what ftp34.dll or amvo0.dll goes to, but it's injected. Also you've got a lot of PING processes running.

You may want to update Kaspersky to 7.0.1.x...
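
Added example, not part of the thread: a triage pass over O4 Run entries copied from the log in the first post, showing why an entry such as cftmon.exe stands out next to the real ctfmon.exe. The allow-list of names, the trusted directories and the 0.8 similarity threshold are assumptions of this example.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Assumptions of this example: a small set of Windows binaries that malware
# often imitates, and the only directories an autorun is expected to live in.
KNOWN = ("ctfmon.exe", "spoolsv.exe", "svchost.exe", "lsass.exe", "explorer.exe")
TRUSTED_ROOTS = ("c:\\windows\\system32\\", "c:\\program files\\")

O4_RUN = re.compile(r"^O4 - (\S+)\\\.\.\\Run: \[([^\]]*)\] (.+)$")

# O4 entries copied from the HijackThis log in the first post.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\prince\cftmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NounEq] C:\DOCUME~1\prince\APPLIC~1\DrawMfcd\body deaf about.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
'''

def image_path(cmd):
    """Executable path of a Run value: the quoted part, else text up to '.exe'."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', cmd, re.I)
    return (m.group(1) or m.group(2)) if m else cmd.split()[0]

def triage(log):
    """Return {run_value_name: [reasons]} for O4 entries that deserve a closer look."""
    findings = {}
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        path = image_path(m.group(3)).lower()
        name, reasons = ntpath.basename(path), []
        if "\\" in path and not path.startswith(TRUSTED_ROOTS):
            reasons.append("outside trusted directories")
        for known in KNOWN:
            close = SequenceMatcher(None, name, known).ratio() >= 0.8
            if name != known and close:
                reasons.append("name resembles " + known)
        if reasons:
            findings[m.group(2)] = reasons
    return findings

if __name__ == "__main__":
    for value, why in triage(SAMPLE_LOG).items():
        print(value, "->", "; ".join(why))
```

Only ntuser, autoload and NounEq are reported. The amva entry passes both checks even though the thread calls out amvo0.dll as injected, so heuristics like these narrow the list rather than clear an entry.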

Greg Hazel Posted June 2, 2008

Indeed, ftp34.dll is a leading cause of uTorrent crashes. Almost as much as nVidia's firewall!

That said, if you know how you got infected, or could send me a copy of "C:\Documents and Settings\prince\cftmon.exe" renamed to ctfmon.badfile, I would like to reproduce it on a virtual machine.

Firon Posted June 2, 2008

Send ftp34.dll too, renamed to something else.

jewelisheaven Posted June 2, 2008

!!! yes yes, give developers bad files. Hopefully they'll be able to code around whatever the hooks cause to crash.

Firon Posted June 2, 2008

While it would certainly be best to yell at every user to clean up their PC, it causes an awfully high number of crashes, which makes ut look bad, even if it's not really our fault.

Ultima Posted June 3, 2008

Added mention of ftp#.dll to the crash thread.

Firon Posted June 3, 2008

Well, it seems to always be ftp34.dll, not any other number.