Hallo Foren Gemeinde...hab da ein kleines Problem und zwar finde ich auf meine Pc den Ordner System32 nicht mehr...hab in der systemsteuerung unter Ordneroption versteckte und systemdateien miteinbeziehen ausgewählt, also kanns an den nicht liegen. Auch habe ich versucht den Ordner im abgesicherten Modus zu finden was leider auch kein Erfolg war...vielleicht kann mir dabei ja jemand helfen...

So mein nächstes Problem ist das Popup Fenster vom Winfixer!

Habe nun mit Hijack This ein Log erstellt:


Logfile of HijackThis v1.99.1
Scan saved at 22:00:35, on 08.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\VM_STI.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\PROGRA~1\TCMMOU~1\MouseDrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\****\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\System32\geeda.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [TCMMouse ] C:\PROGRA~1\TCMMOU~1\MouseDrv.exe
O4 - HKLM\..\Run: [\\***\EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P33 "\\***\EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: sipgate X-Lite.lnk = C:\Programme\sipgate X-Lite\sipgateXLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - h**p://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - h**p://www.pixaco.de/static/download/pixacodndupload.cab
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - h**p://www.1mal1.com/flatcast/NpFv412.dll
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - h**p://secure2.comned.com/signuptemplates/securelogin-devel.
cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - h**p://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.c
ab
O16 - DPF: {ABC1D8DE-CAB5-4FB7-BCD0-137BAB9F09DC} (aldisued-fotos-druck_de_bilduebertragung) - h**p://www.aldisued-fotos-druck.de/upload/aldi_sued_bilduebe
rtragung.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - h**p://as.photoprintit.de/ips-opdata/activex/IPSUploader.cab

O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - h**p://data.flatcast.com/NpFv415.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: geeda - C:\WINDOWS\System32\geeda.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Ich vermute das C:\WINDOWS\System32\geeda.dll hinter den ganzen steckt...aber wie soll ich es löschen wenn der Ordner "angeblich" nicht mehr vorhanden ist...

Desweiteren funktioniert auch der befehl cmd in der Eingabeaufforderung nicht mehr...ich weis echt nicht mehr weiter...vielleicht könnt ihr mir ja helfen....

hoffe doch so

Links wurden editiert!
Privates wurde gelöscht!

Servus!
Wegen der von Dir zitierten *.dll:
Arbeite mal diese Anleitung hier ab und poste anschließend ein neues HJT-Log!
stupormundi

Hi, hab nun die von dir gepostete Anleitung durchgeführt,

hier mein neues Log:

Logfile of HijackThis v1.99.1
Scan saved at 14:13:07, on 10.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\slserv.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\VM_STI.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Herzchen1\Desktop\FixVundo.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\******\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - h**p://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - h**p://www.pixaco.de/static/download/pixacodndupload.cab
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - h**p://www.1mal1.com/flatcast/NpFv412.dll
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - h**p://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
O16 - DPF: {ABC1D8DE-CAB5-4FB7-BCD0-137BAB9F09DC} (aldisued-fotos-druck_de_bilduebertragung) - h**p://www.aldisued-fotos-druck.de/upload/aldi_sued_bilduebertragung.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - h**p://as.photoprintit.de/ips-opdata/activex/IPSUploader.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - h**p://data.flatcast.com/NpFv415.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - h**p://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe




Das File von VBG füge ich auch hinzu...vielleicht hilfts dir ja :-)


[01/10/2006, 13:40:54] - VirtumundoBeGone v1.5 ( "C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RW8WH7S4\VirtumundoBeGone[1].exe" )
[01/10/2006, 13:40:59] - User choose NOT to continue. Exiting...

[01/10/2006, 13:54:09] - VirtumundoBeGone v1.5 ( "C:\Dokumente und Einstellungen\*******\Desktop\VirtumundoBeGone.exe" )
[01/10/2006, 13:54:15] - Detected System Information:
[01/10/2006, 13:54:15] - Windows Version: 5.1.2600, Service Pack 2
[01/10/2006, 13:54:15] - Current Username: *****
[01/10/2006, 13:54:15] - Windows is in SAFE mode.
[01/10/2006, 13:54:15] - Searching for Browser Helper Objects:
[01/10/2006, 13:54:15] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/10/2006, 13:54:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/10/2006, 13:54:15] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/10/2006, 13:54:15] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/10/2006, 13:54:15] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/10/2006, 13:54:15] - BHO 3: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[01/10/2006, 13:54:15] - BHO 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} (MSEvents Object)
[01/10/2006, 13:54:15] - ALERT: Found MSEvents Object!
[01/10/2006, 13:54:15] - Finished Searching Browser Helper Objects
[01/10/2006, 13:54:15] - *** Detected MSEvents Object
[01/10/2006, 13:54:15] - Trying to remove MSEvents Object...
[01/10/2006, 13:54:16] - Terminating Process: IEXPLORE.EXE
[01/10/2006, 13:54:17] - Terminating Process: RUNDLL32.EXE
[01/10/2006, 13:54:17] - Disabling Automatic Shell Restart
[01/10/2006, 13:54:17] - Terminating Process: EXPLORER.EXE
[01/10/2006, 13:54:17] - Suspending the NT Session Manager System Service
[01/10/2006, 13:54:17] - Terminating Windows NT Logon/Logoff Manager
[01/10/2006, 13:54:17] - Re-enabling Automatic Shell Restart
[01/10/2006, 13:54:17] - File to disable: C:\WINDOWS\System32\geeda.dll
[01/10/2006, 13:54:17] - Renaming C:\WINDOWS\System32\geeda.dll -> C:\WINDOWS\System32\geeda.dll.vir
[01/10/2006, 13:54:18] - File successfully renamed!
[01/10/2006, 13:54:18] - Removing HKLM\...\Browser Helper Objects\{FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[01/10/2006, 13:54:18] - Removing HKCR\CLSID\{FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[01/10/2006, 13:54:18] - Adding Kill Bit for ActiveX for GUID: {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[01/10/2006, 13:54:18] - Deleting ATLEvents/MSEvents Registry entries
[01/10/2006, 13:54:18] - Removing HKLM\...\Winlogon\Notify\geeda
[01/10/2006, 13:54:18] - Searching for Browser Helper Objects:
[01/10/2006, 13:54:18] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/10/2006, 13:54:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/10/2006, 13:54:18] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/10/2006, 13:54:18] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/10/2006, 13:54:18] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/10/2006, 13:54:18] - BHO 3: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[01/10/2006, 13:54:18] - Finished Searching Browser Helper Objects
[01/10/2006, 13:54:18] - Finishing up...
[01/10/2006, 13:54:18] - A restart is needed.
[01/10/2006, 13:54:29] - Attempting to Restart via STOP error (Blue Screen!)

Sehr schön - und wie geht's dem Compi jetzt?
Die *.dll ist ja jetzt weg!
stupormundi

Jo Danke dir für deine Anleitung...die lästigen Popups sind nun wech :-)

Hab nur noch das Problem mit dem System32 Ordner....

Vielleicht könnt ihr mir bei dem Problem ja auch noch helfen...


Greetz

SDAler