Jump to content

Every Time Utorrent Start, Pc Become Crazy


protocol

Recommended Posts

Posted

Hi everyone, everytime and only when I start uTorrent , cpu usage grows and keep being fixed at 50-60%, and not only the internet connection( this would be normal) but the entire pc slow down , I tried to understand the cause through netstat, and I saw this line

UDP 0.0.0.0:6771 *:*

appearing in the list , maybe ( I'm not sure) I used it in past but now my Utorrent port is another one . More, this port has disappeared after I close Utorrent and run again netstat. When I close Utorrent , it take about 10 minutes before cpu usage take down at normal state e and pc stop working , as if it was reading again packages. I read somewhere the 6771 port is the one of the DeepThroat trojan , could it be this? Last one thing , this week I found in my computer a win32.agent and a smitfraug , and sometimes at the start of windows the firewall didn't want to be started , nether from services windows , now this problem has been solved but can be usefull to diagnose some other problem . Does anyone know what can I do to solve my problem?

Posted

I ' ve always used this antivirus and I never had problem with Utorrent , here is my log , but it seems clean to me

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:06, on 2008-06-20

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\system32\spoolsv.exe

F:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe

F:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe

F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

F:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe

F:\WINDOWS\System32\svchost.exe

F:\PROGRA~1\AVG\AVG8\avgrsx.exe

F:\PROGRA~1\AVG\AVG8\avgemc.exe

F:\WINDOWS\system32\wscntfy.exe

F:\WINDOWS\Explorer.EXE

F:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe

F:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

F:\PROGRA~1\AVG\AVG8\avgtray.exe

D:\Programmi\PowerISO\PWRISOVM.EXE

F:\Programmi\Java\jre1.6.0_05\bin\jusched.exe

E:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe

F:\Programmi\Corel\Corel Snapfire\Corel Photo Downloader.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

F:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

F:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe

F:\Programmi\VIA\RAID\raid_tool.exe

F:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

F:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe

F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

F:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe

F:\Programmi\Internet Explorer\iexplore.exe

F:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe

F:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Programmi\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmi\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmi\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [NeroFilterCheck] F:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "F:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [startCCC] "F:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] d:\Programmi\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "E:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] F:\Programmi\Corel\Corel Snapfire\Corel Photo Downloader.exe

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] F:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: VIA RAID TOOL.lnk = F:\Programmi\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211113842750

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Programmi\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - F:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - F:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe

--

End of file - 9164 bytes

Posted

I've always used two antivirus simultaneously , but I 'll will remove avira anyway

the problem is just this , every time I open task manager , there isn' t a process that have all that usage, I 'm thinking to a hidden process, is there any program that shows hidden proc.?

Posted

BTW, this little thing likes to mess with uTorrent (indexers are the BANE of file-sharing!):

O23 - Service: NMIndexingService - Nero AG - F:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...