protocol Posted June 19, 2008: Hi everyone, every time, and only when, I start uTorrent, CPU usage grows and stays fixed at 50-60%, and not only the internet connection (this would be normal) but the entire PC slows down. I tried to understand the cause through netstat, and I saw this line, UDP 0.0.0.0:6771 *:*, appearing in the list; maybe (I'm not sure) I used it in the past, but now my uTorrent port is another one. Moreover, this port has disappeared after I close uTorrent and run netstat again. When I close uTorrent, it takes about 10 minutes before CPU usage goes back down to its normal state and the PC stops working, as if it was reading packages again. I read somewhere that port 6771 is the one used by the DeepThroat trojan; could it be this? One last thing: this week I found a win32.agent and a Smitfraud on my computer, and sometimes at Windows startup the firewall didn't want to start, not even from the services window; now this problem has been solved, but it may be useful for diagnosing some other problem. Does anyone know what I can do to solve my problem?
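Added example, not part of the original thread: a port number alone does not identify the program behind a socket, so one check is to compare `netstat -ano` snapshots taken with the client running and closed, and map the owning PIDs to image names from `tasklist /FO CSV /NH`. All captured output below is constructed sample data, including the PIDs, the port 51413 and the attribution of UDP 6771 to uTorrent.exe.

```python
import csv
import io

# Constructed sample: `netstat -ano` captured while the client is running.
NETSTAT_RUNNING = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    0.0.0.0:51413          0.0.0.0:0              LISTENING       3120
  UDP    0.0.0.0:6771           *:*                                    3120
  UDP    0.0.0.0:51413          *:*                                    3120
  UDP    127.0.0.1:123          *:*                                    1044
"""
# Constructed sample: the same command after the client has been closed.
NETSTAT_CLOSED = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  UDP    127.0.0.1:123          *:*                                    1044
"""
# Constructed sample: `tasklist /FO CSV /NH` output (image name, PID, ...).
TASKLIST = '''\
"svchost.exe","984","Console","0","4,120 K"
"svchost.exe","1044","Console","0","5,300 K"
"uTorrent.exe","3120","Console","0","18,244 K"
'''

def parse_netstat(text):
    """Return {(proto, local_address): pid} for each socket line."""
    sockets = {}
    for line in text.splitlines():
        fields = line.split()
        # UDP rows have no State column, so the PID is always the last field.
        if len(fields) >= 4 and fields[0] in ("TCP", "UDP") and fields[-1].isdigit():
            sockets[(fields[0], fields[1])] = int(fields[-1])
    return sockets

def parse_tasklist(text):
    """Return {pid: image_name} from CSV-formatted tasklist output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def sockets_that_vanished(running, closed, tasks):
    """Sockets present only while the program ran, with their owning image."""
    before, after = parse_netstat(running), parse_netstat(closed)
    return sorted((proto, addr, tasks.get(pid, "unknown (PID %d)" % pid))
                  for (proto, addr), pid in before.items() if (proto, addr) not in after)

def owner_of(port, proto, snapshot, tasks):
    """Image names that own sockets bound to proto/port in one snapshot."""
    return sorted({tasks.get(pid, "unknown")
                   for (p, addr), pid in parse_netstat(snapshot).items()
                   if p == proto and addr.rsplit(":", 1)[1] == str(port)})
```

A socket that appears only while one program runs and whose PID resolves to that program's image belongs to it; an "unknown" owner or an unexpected image name is what warrants a closer look.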
jewelisheaven Posted June 19, 2008: High CPU usage ... http://utorrent.com/faq.php#My.C2.B5Torrent_freezes_locks_up_sometimes_and_or_uses_100_CPU UDP 6771 is for DHT iirc. What AV/security software/firewall do you use?
protocol (Author) Posted June 19, 2008: AV ==> AntiVir; firewall ==> the Windows one
Firon Posted June 19, 2008: Post a HijackThis log, though it's probably Antivir's fault.
protocol (Author) Posted June 20, 2008: I've always used this antivirus and I never had a problem with uTorrent. Here is my log, but it seems clean to me.
DreadWingKnight Posted June 20, 2008: Having 2 antivirus apps installed can cause them to trip over each other. Try uninstalling Avira.
jewelisheaven Posted June 20, 2008: Knowing WHAT PROCESS is actually using CPU will help too.
protocol (Author) Posted June 20, 2008: I've always used two antivirus programs simultaneously, but I'll remove Avira anyway. The problem is just this: every time I open Task Manager, there isn't a process that has all that usage. I'm thinking of a hidden process; is there any program that shows hidden processes?
Switeck Posted June 20, 2008: Process Explorer can show more than Task Manager... but you may need to turn a couple of columns on to make sense of it all.
Firon Posted June 20, 2008: Process Explorer shows DPCs and Interrupts, both of which are related to drivers and kernel CPU time.
protocol (Author) Posted June 23, 2008: It's an interrupts problem; they reach 50-60% of CPU usage, but I don't remember having installed any new driver on my PC recently.
Firon Posted June 24, 2008: Uninstall your IDE and SATA controllers, then try rebooting.
protocol (Author) Posted June 25, 2008: Thanks a lot!! Uninstalling the controllers made everything return to normal. Thanks for your help, good continuation.
Switeck Posted June 26, 2008: BTW, this little thing likes to mess with uTorrent (indexers are the BANE of file-sharing!): O23 - Service: NMIndexingService - Nero AG - F:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe