Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

Nesto mi puni hd

[es] :: Windows desktop :: Nesto mi puni hd
(Zaključana tema (lock), by Goran Mijailovic)

[ Pregleda: 2273 | Odgovora: 6 ] > FB > Twit

Postavi temu

Autor

Pretraga teme: Traži
Markiranje Štampanje RSS

th33nd

Član broj: 45644
Poruke: 152
212.200.215.*



+1 Profil

icon Nesto mi puni hd06.02.2009. u 16:06 - pre 151 meseci
Modem od adsl'a blinka kao da skida nesto,a C particija mi se puni.. NOD32 ne detektuje nista. netstat ne pokazuje ni jednu "cudnu" konekciju.
Koji programom mogu da vidim sta je poslednje upisano na hard disk?
assumption is the mother of all screwups
Windows
 
0

th33nd

Član broj: 45644
Poruke: 152
79.101.64.*



+1 Profil

icon Re: Nesto mi puni hd06.02.2009. u 16:49 - pre 151 meseci
4GB mi je napunio i sad stoji. Nezavisno je od interneta jer je punio i kad iskljucim modem..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:42 PM, on 2/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\LimeWire\LimeWire.exe
C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Eset\nod32kui.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....lashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files (x86)\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8462 bytes

assumption is the mother of all screwups
Windows
 
0

Davor Stanković

Član broj: 161855
Poruke: 533
*.sa-hs-hkb.ba.



+26 Profil

icon Re: Nesto mi puni hd06.02.2009. u 23:50 - pre 151 meseci
Ti rece i kad nisi konektovan puni ti se hdd?

Jel' ti upaljen system restore? Nisam ti gledao log, sutra cu ako me neko ne preduhitri :)
 
0

Flash411

Član broj: 53039
Poruke: 1846
*.adsl.net.t-com.hr.

Jabber: flash411@jid.pl
ICQ: 296417234
Sajt: www.etfos.hr/~mgavlik/goo..


+4 Profil

icon Re: Nesto mi puni hd07.02.2009. u 09:22 - pre 151 meseci
@th33nd - skini si ova tri programa i gledaj sta se zbiva,nemora bit da je virus
a,kao sto davor kaze,skicni da ti nije upaljen system restore
filemon - http://technet.microsoft.com/en-us/sysinternals/bb896642.aspx
pregled upisivanja i citanja fajlova na disku u realnom vremenu,prikaz procesa,i putanje fajla

i.disk - http://www.memecode.com/idisk.php
graficki prikaz zauzeca pojedinog foldera

sequoia view - http://w3.win.tue.nl/nl/onderz...ca/visualization/sequoiaview//
graficki prikaz velicine fajlova u obliku kockica,veca kockica - veci fajl
Gone insane,be right back..... | Malo drugacija google pretraga
http://poremecenum.blog.hr/ | http://www.etfos.hr/~mgavlik/googledirectorysearch/
____________________________________________________
Failure is not an option. It comes bundled with Windows.
 
0

Goran Mijailovic

Član broj: 12684
Poruke: 6907



+436 Profil

icon Re: Nesto mi puni hd07.02.2009. u 15:07 - pre 151 meseci
@ th33nd

Iskljuci system restore, moguce je da je do njega a i do volume shadow copy service-a, koji su uzajamno povezani. Moguce je da je i neki torent program.
Pogledaj i ovde:
http://www.elitesecurity.org/t345373-0#2172819
http://www.elitesecurity.org/t351579-0#2172823
 
0

th33nd

Član broj: 45644
Poruke: 152
93.86.190.*



+1 Profil

icon Re: Nesto mi puni hd09.02.2009. u 02:27 - pre 151 meseci
Bio mi je ukljucen system restore,nisam znao za to. Hvala svima
p.s.kad sam ga iskljucio vratio mi je svu memoriju koju je popunio.
System restore u suštini nije loša stvar, samo mene još uvek mrzi da particionišem svoj hd malo bolje i moja C particija ima samo 50gb
tako da mi je pravio problem. Kada particionišem (odnosno sl. put kad reinstaliram Vistu) ostaviću ovu opciju uključenu.
assumption is the mother of all screwups
Windows
 
0

pantic68
zoran pantic
sabac

Član broj: 50312
Poruke: 913
91.150.70.*



+11 Profil

icon Re: Nesto mi puni hd09.02.2009. u 06:26 - pre 151 meseci
System restore nije od prevelike pomoci, cesce sluzi kao zimovaliste za viruse. Najbolje ga ostavi ali mu smanji velicinu na nekoliko stotina mb, bice dovolno za slucaj da nesto zabrljas. Inace je podesen na 10% velicine diska.
 
0

[es] :: Windows desktop :: Nesto mi puni hd
(Zaključana tema (lock), by Goran Mijailovic)

[ Pregleda: 2273 | Odgovora: 6 ] > FB > Twit

Postavi temu

Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.