| |
| |||||||
Log-Analyse und Auswertung: Beim Start schwarzes BildWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
11.07.2009, 22:47
| #16 |
  |  Beim Start schwarzes Bild Hi, nein bis jetzt nicht... Warte noch auf das Feedback von Kollegen... Hat CureIT was gebracht? Wie ist Dein englisch? http://www.mydigitallife.info/2007/1...date-in-vista/ Hier etwas einfacher und in deutsch... http://windowshelp.microsoft.com/Win...9a75f1031.mspx chris Ps. So, mache jetzt Schluß, guts Nächtle...
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) Geändert von Chris4You (11.07.2009 um 22:53 Uhr) |
|
12.07.2009, 11:17
| #17 |
 | Beim Start schwarzes Bild Den CureIT Scan mach ich morgen, denn heut hab ich keine Zeit.
__________________Mit der Fehlerbehebung von Windows-Update klappts glaub ich nicht, weil das hab ich zuvor schonmal probiert und dann gings wieder nicht, aber da hat es bei 67% oder so sich aufgehängt. |
|
12.07.2009, 18:58
| #18 |
| | Beim Start schwarzes Bild Ich habe CureIT nun hernutergeladen, soll ich mit dem CureIT einen Komplettscan machen?
__________________Das schwarze Bild taucht mittlerweile nur noch sehr selten beim Hochfahren hoch, bzw seit gestern gar nicht mehr. Das Windows-Update hab ich mir nun manuell von der Microsoft-Website heruntergeladen. |
|
12.07.2009, 21:44
| #19 |
| | Beim Start schwarzes Bild Nachdem ich das Update Vista SP 2 nun manuell von der Microsoft-Website erfolgreich auf meinen PC heruntergleaden habe, erschien dann folgende Fehlermeldung während der Installation: ERROR_FILE_NOT_FOUND(0x80070002). |
|
13.07.2009, 06:23
| #20 |
| | Beim Start schwarzes Bild Hi, mach mit CureIT einen vollständigen Systemcheck... Zum Updateproblem: http://support.microsoft.com/kb/947366 chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
13.07.2009, 16:57
| #21 |
| | Beim Start schwarzes Bild Der Schnell-Scan mit CureIT funktioniert und findet nichts, aber nach dem Vorbereiten auf den Komplett-Scan stürzt Windows dann immer ab. ( Ich bin im abgesicherten Modus und führe als Administrator aus ) Beim Windows Update gehts auch nicht....das Vorbereitungstool geht bis zum initalisieren und dann wenn die Installation folgen sollte, hängts sich auf. Gibts schon Ergebnisse von der Gmer-Auswertung? Geändert von Wombat44 (13.07.2009 um 17:19 Uhr) |
|
14.07.2009, 06:57
| #22 |
| | Beim Start schwarzes Bild Hi, es sind sehr viele MBRs enthalten, was seltsam ist, aber darin sehen die Experten kein Problem.... Prüfe bitte mal die Festplatte mit chkdsk c: /f /r (über Start->ausführen chkdsk c: /f /r, chkdsk wird dann nachfragen ob beim nächsten Systemstart die Festplatte geprüft werden soll (da exclusiver Zugriff notwendig). Das abnicken und neu booten (geht ca. 30m-1h)... Danach bitte mal Silentrunner: SilentRunner: Ziparchive in ein Verzeichnis auspacken, mit Doppelklick starten, "ja" auswählen. Die erstellte Datei findet sich im gleichen Verzeichnis wo das Script hinkopiert wurde, bitte in Editor laden und posten. http://www.silentrunners.org/Silent%20Runners.zip chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
14.07.2009, 13:12
| #23 |
| | Beim Start schwarzes Bild TEIL 1: Code:
ATTFilter "Silent Runners.vbs", revision 59, hxxp://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"(Default)" = "(empty string)" [file not found]
"StartCCC" = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [null data]
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]
"Google Update" = ""C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
"AdobeUpdater" = ""C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"" ["Adobe Systems Incorporated"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
"GnabTray" = "C:\Program Files\Common Files\Gnab\Service\GnabTray.exe -checkstart" [null data]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"RegistryMechanic" = "(empty string)" [file not found]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Skytel" = "Skytel.exe" ["Realtek Semiconductor Corp."]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"ISTray" = ""C:\Program Files\Spyware Doctor\pctsTray.exe"" ["PC Tools"]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"avgnt" = ""C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min" ["Avira GmbH"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"LexwareInfoService" = "C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{055FD26D-3A88-4e15-963D-DC8493744B1D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "XTTBPos00 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live ID-Anmelde-Hilfsprogramm"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll" ["Google Inc."]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\(Default) = "Google Dictionary Compression sdch"
-> {HKLM...CLSID} = "Google Dictionary Compression sdch"
\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll" ["Google Inc."]
{c9508125-4747-4733-b048-e4b82dc9716d}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PHPNukeDE Toolbar"
\InProcServer32\(Default) = "C:\Program Files\PHPNukeDE\tbPHPN.dll" ["Conduit Ltd."]
{CC7E636D-39AA-49b6-B511-65413DA137A1}\(Default) = (no title provided)
-> {HKLM...CLSID} = "IE Developer Toolbar BHO"
\InProcServer32\(Default) = "C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll" [MS]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [empty string]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{11016101-E366-4D22-BC06-4ADA335C892B}" = "IE History and Feeds Shell Data Source for Windows Search"
-> {HKLM...CLSID} = "IE History and Feeds Shell Data Source for Windows Search"
\InProcServer32\(Default) = "C:\Windows\System32\ieframe.dll" [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
<<!>> x-sdch\CLSID = "{B1759355-3EEC-4C1E-B0F1-B719FE26E377}"
-> {HKLM...CLSID} = "Google Dictionary Compression filter"
\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll" ["Google Inc."]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
SDContextExt\(Default) = "{70F8E90E-353A-47AB-B297-C576345EE693}"
-> {HKLM...CLSID} = "PC Tools Context Menu Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\SDCONT~1.DLL" ["PC Tools"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
SDContextExt\(Default) = "{70F8E90E-353A-47AB-B297-C576345EE693}"
-> {HKLM...CLSID} = "PC Tools Context Menu Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\SDCONT~1.DLL" ["PC Tools"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"LogonHoursAction" = (REG_DWORD) dword:0x00000002
{unrecognized setting}
"DontDisplayLogonHoursWarnings" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}
"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}
"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}
"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}
"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}
"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}
"EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\system32\config\systemprofile\Pictures\Landschaften\Tschierva_glacier_rework[1].jpg"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\***\Pictures\Landschaften\Tschierva_glacier_rework[1].jpg"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\UEFA20~1.SCR" (UEFA 2008 (en).scr) ["ScreenTime Media"]
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
FunMultiMediaHandler\
"Provider" = "MultiMedia Manager"
"ProgID" = "FUNBOX.Autoplay"
HKLM\SOFTWARE\Classes\FUNBOX.Autoplay\CLSID\(Default) = "{DF866F1F-10DF-4694-94A9-7F526FC8800A}"
-> {HKLM...CLSID} = "FUNBOX Autoplay Sample 2"
\LocalServer32\(Default) = "C:\Program Files\Samsung\Samsung PC Studio 3\Share_autoplay.exe" ["TODO: <** **>" (unwritable string)]
HPGGPhotoEventHandler\
"Provider" = "HP Photosmart Essential"
"InvokeProgID" = "HP.acquireautoplayG"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\HP.acquireautoplayG\shell\open\DropTarget\CLSID = "{F3A39B00-BE67-4d7d-BED7-53E9C510EC5B}"
-> {HKLM...CLSID} = "HP AcquireAutoPlay2 Class"
\InProcServer32\(Default) = "C:\Program Files\HP\Photosmart Essential\AcquireAutoPlay.dll" [empty string]
iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]
iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]
iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]
iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]
MedionboxCDBurning\
"Provider" = "Medionbox"
"InvokeProgID" = "Medionbox.BurnCD"
"InvokeVerb" = "Burn"
HKLM\SOFTWARE\Classes\Medionbox.BurnCD\shell\Burn\command\(Default) = ""C:\Program Files\Medion\MEDIONbox\Program\GnabClient.exe" -device %L -burn" [null data]
MedionboxPlayCDAudio\
"Provider" = "Medionbox"
"InvokeProgID" = "Medionbox.AudioCD"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Medionbox.AudioCD\shell\Play\command\(Default) = ""C:\Program Files\Medion\MEDIONbox\Program\GnabClient.exe" -device %L -play" [null data]
NeroAutoPlay7AudioToNeroDigital\
"Provider" = "Nero Burning ROM Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]
NeroAutoPlay7CDAudio\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]
NeroAutoPlay7CopyCD\
"Provider" = "Nero Burning ROM Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]
NeroAutoPlay7DataDisc\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]
NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]
NeroAutoPlay7PlayAudioCD\
"Provider" = "Nero ShowTime Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]
NeroAutoPlay7PlayDVD\
"Provider" = "Nero ShowTime Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]
NeroAutoPlay7RipCD\
"Provider" = "Nero Burning ROM Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]
NeroAutoPlay7TranscodeVideo\
"Provider" = "Nero Recode Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]
NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision Essentials"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
NeroAutoPlay7ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]
Picasa2ImportPicturesOnArrival\
"Provider" = "Picasa2"
"InvokeProgID" = "picasa2.autoplay"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Picasa2\Picasa2.exe "%1"" ["Google Inc."]
WIA_{04EEA35A-AB10-4811-9BA0-DFEEA7BEB78B}\
"Provider" = "Microsoft Office Document Scanning"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Common Files\Microsoft Shared\MODI\12.0\MSPSCAN.EXE;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]
WIA_{55ECFA93-3D46-4103-9BD5-31D6C42B3F35}\
"Provider" = "Picasa2"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Picasa2\PicasaMediaDetector.exe /StiDevice:%1 /StiEvent:%2;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]
Startup items in "****" & "All Users" startup folders:
------------------------------------------------------------
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"uefa.com Alerts" -> shortcut to: "C:\Users\M\uefa-alerts.exe" [file not found]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000007\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Windows\system32\wpclsp.dll [MS], 01 - 08, 19
%SystemRoot%\system32\mswsock.dll [MS], 09 - 18, 20 - 27
Geändert von cosinus (18.12.2021 um 18:59 Uhr) Grund: Name unkenntlich |
|
14.07.2009, 13:13
| #24 |
| | Beim Start schwarzes Bild TEIL 2: Code:
ATTFilter Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
-> {HKLM...CLSID} = "ICQToolBar"
\InProcServer32\(Default) = "C:\Program Files\ICQ6Toolbar\ICQToolBar.dll" ["ICQ"]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\Windows\system32\ieframe.dll" [MS]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "Google Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" ["Google Inc."]
"{C9508125-4747-4733-B048-E4B82DC9716D}"
-> {HKLM...CLSID} = "PHPNukeDE Toolbar"
\InProcServer32\(Default) = "C:\Program Files\PHPNukeDE\tbPHPN.dll" ["Conduit Ltd."]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQToolBar"
-> {HKLM...CLSID} = "ICQToolBar"
\InProcServer32\(Default) = "C:\Program Files\ICQ6Toolbar\ICQToolBar.dll" ["ICQ"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar mit Pop-Up-Blocker"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{C9508125-4747-4733-B048-E4B82DC9716D}" = "PHPNukeDE Toolbar"
-> {HKLM...CLSID} = "PHPNukeDE Toolbar"
\InProcServer32\(Default) = "C:\Program Files\PHPNukeDE\tbPHPN.dll" ["Conduit Ltd."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" ["Google Inc."]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{855F3B16-6D32-4FE6-8A56-BBB695989046}\(Default) = (no title provided)
-> {HKLM...CLSID} = "ICQToolBar"
\InProcServer32\(Default) = "C:\Program Files\ICQ6Toolbar\ICQToolBar.dll" ["ICQ"]
{A202B231-EF71-4A08-BDB9-4CE5AE8BDE0A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "IE Developer Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll" [MS]
HKLM\SOFTWARE\Classes\CLSID\{E16DC1FE-7C34-43F2-B754-F3AD12DDF97C}\(Default) = "Google Find Bar"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" ["Google Inc."]
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "An OneNote senden"
"MenuText" = "An OneNote s&enden"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll" [MS]
{48FFE35F-36D9-44BD-A6CC-1D34414EAC0D}\
"ButtonText" = "IE Developer Toolbar"
"CLSIDExtension" = "{CC962137-2E78-4F94-975E-FC0C07DBD78F}"
-> {HKLM...CLSID} = "Developer Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll" [MS]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"
{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Program Files\ICQ6.5\ICQ.exe" ["ICQ, LLC."]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
<<H>> C:\WINDOWS\INF\IERESET.INF was not found!
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQToolBar"
\InProcServer32\(Default) = "C:\Program Files\ICQ6Toolbar\ICQToolBar.dll" ["ICQ"]
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar mit Pop-Up-Blocker"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
<<H>> "{c9508125-4747-4733-b048-e4b82dc9716d}" = (no title provided)
-> {HKLM...CLSID} = "PHPNukeDE Toolbar"
\InProcServer32\(Default) = "C:\Program Files\PHPNukeDE\tbPHPN.dll" ["Conduit Ltd."]
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "Tabs" = "C:\ProgramData\ICQ\ICQNewTab\newTab.html" [null data]
<<H>> "InPrivate" = "res://ieframe.dll/inprivate.htm" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple Inc."]
Ati External Event Utility, Ati External Event Utility, "C:\Windows\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Avira AntiVir Guard, AntiVirService, ""C:\Program Files\Avira\AntiVir Desktop\avguard.exe"" ["Avira GmbH"]
Avira AntiVir Planer, AntiVirSchedulerService, ""C:\Program Files\Avira\AntiVir Desktop\sched.exe"" ["Avira GmbH"]
Bonjour-Dienst, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
Computerbrowser, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]}
GnabService, GnabService, "c:\program files\common files\gnab\service\servicecontroller.exe" [null data]
HP CUE DeviceDiscovery Service, hpqddsvc, "C:\Windows\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}
hpqcxs08, hpqcxs08, "C:\Windows\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}
ICQ Service, ICQ Service, "C:\Program Files\ICQ6Toolbar\ICQ Service.exe" [empty string]
Jugendschutz, WPCSvc, "C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\wpcsvc.dll" [MS]}
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Net Driver HPZ12, Net Driver HPZ12, "C:\Windows\System32\svchost.exe -k HPZ12" {"C:\Windows\system32\HPZinw12.dll" ["Hewlett-Packard"]}
NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]
PC Tools Auxiliary Service, sdAuxService, "C:\Program Files\Spyware Doctor\pctsAuxs.exe" ["PC Tools"]
PC Tools Security Service, sdCoreService, "C:\Program Files\Spyware Doctor\pctsSvc.exe" ["PC Tools"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\Windows\System32\svchost.exe -k HPZ12" {"C:\Windows\system32\HPZipm12.dll" ["Hewlett-Packard"]}
SSTP-Dienst, SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [MS]}
Windows Driver Foundation - Benutzermodus-Treiberframework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows Live ID Sign-in Assistant, wlidsvc, ""C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"" [MS]
Windows-Bilderfassung, stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Zugriff auf Eingabegeräte, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
LIDIL hpzlllhn\Driver = "hpzlllhn.dll" ["Hewlett-Packard Company"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]
---------- (launch time: 2009-07-14 14:05:30)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 82 seconds, including 19 seconds for message boxes)
Mit der Festplatte machts das automatisch, wenn ich reingehe, da wird nichts nachgefragt, das legt gleich los. Ich glaube, die hab ich aber gestern schon 2 mal automatisch überprüft, nachdem der PC abgestürzt ist. Muss ich den Scan mit CureIT nicht mehr machen? Und ist das Windows Update denn wichtig? Geändert von cosinus (18.12.2021 um 19:00 Uhr) Grund: Name |
|
14.07.2009, 15:41
| #25 |
| | Beim Start schwarzes Bild Hi, gibt auch nichts her... Du solltest Dich für eine Securitylösung entscheiden, zuviele stören sich gegenseitig. Es kann eigentlich nicht sein, das chkdsk mit Parameter /f/r gleich startet, da es dazu exclusiven Zugriff braucht (und das geht nur wenn Windows startet, bevor es richtig "oben" ist)... Hast Du eine Vista-DVD, um die Systemdateien überprüfen zu können? Wenn ja, cmd.exe wie folgt starten: http://www.winsupportforum.de/forum/windows-vista-tipps-und-tricks/55-eingabeaufforderung-als-administrator-starten.html und dann sfc /scannow in der Konsole eingeben... Das läuft langsam auf eine Neuinstallation raus: http://newyear2006.wordpress.com/2006/11/20/reparaturinstallation-unter-windows-vista/ chris chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
14.07.2009, 17:07
| #26 |
| | Beim Start schwarzes Bild Weshalb wäre die Neuinstallation gut? Ist das problem das schwarze Bild? Mir ist nach den zahlreichen Starts zu Hause aufgefallen, dass das schwarze Bild nur auftritt wenn Windows unerwartet abstürzt um Schaden zu verhindern, wenn das mein Englisch richtig hergibt. Ich weiß nicht ob das mit Vista CD gemeint ist: Medion Recovery Disc für Windows Wista Home Premium Kann es sein, dass bei dem Befehl auch etwas anderes ausgeführt, wird, weil nur wenn ich die Anwendung als Administrator starte öffnet sich das Fenster überhaupt und überprüft dann. Wenn ich es einfach zu öffen versuche, schließt es sich sofort wieder und ich kann gar nichts erkennen. Geändert von Wombat44 (14.07.2009 um 17:35 Uhr) |
|
15.07.2009, 06:44
| #27 |
| | Beim Start schwarzes Bild Hi, ich denk dass sich ein paar Treiber daneben benehmen oder einige Windowsdatein beschädigt sind, darum. Allerdings geht mit einer Recovery-CD nur die Neuinstallation. Bringt das Überprüfen der Systemdateien einen Fehler? Bei einem Absturz, was wir genau angezeigt? Sytemsteuerung->System/Arbeitsspeicher u. Prozessor..->Erweiterte Systemeinstellungen->Erweitert->Starten u. Wiederherstellen->Einstellungen und dort dann Systemfehler in das Systemprotokoll eintragen auswählen (Haken dran), Haken bei automatisch Neustart ausführen weg und Auswahlbox kleines Speicherabbild auswählen... Die Fehler sollten nun in das Systemprotokoll eingetragen werden, so dass nach gelesen werden kann was eigentlich passiert ist... Nach einem Crash: Ereignisanzeige: Start > ausführen > eventvwr.msc Dort dann unter Windows-Protokolle->System nachschauen bzw. unter Anwendungen etc. Chris Ps.: Es kommen dabei einige Sicherheitsabfragen von Windows die abnicken...
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
15.07.2009, 12:58
| #28 |
| | Beim Start schwarzes Bild Nach nem Abszurz wenn ich neustarte kommt dann das die Festplatte oder die Laufwerke überprüft werden... Geht das Überprüfen der Systemdateien ohne eine CD? |
|
15.07.2009, 13:02
| #29 |
| | Beim Start schwarzes Bild Hi, erstmal ja... Was für ein Dateisystem verwendest Du? chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
15.07.2009, 14:13
| #30 |
| | Beim Start schwarzes Bild Der Typ des Dateisystem ist NTFS  Und ob es jetzt glaubwürdig ist oder nicht, das SP2 ließ sich nun installieren.  |
|
| Themen zu Beim Start schwarzes Bild |
| antivir, aufrufe, avira, bonjour, defender, desktop, explorer, firefox, google, hijack, hijackthis, icq, internet, internet explorer, lexware, logfile, malwarebytes, malwarebytes' anti-malware, microsoft, mozilla, problem, registrierungsschlüssel, schwarzes bild, sekunden, software, spyware, system, taskmanager, vista, windows |
Linear-Darstellung
