about:blank-LOG

turd ferguson

folgendes problem: hab den hijacker mit adawre erst weg bekommen, wollte dann den ie updaten, windows update gestartet, active scripting etc. aktiviert, doch wieder den hijacker bekommen. ist die windows-update-funktion evtl. "verseucht"? wie kann es sonst kommen, daß unmittelbar nach dem aktivieren von java und active scripting der about:blank, der ja schon weg war, wiederkommt?

system: win98 se
hijack-log:

Logfile of HijackThis v1.98.2
Scan saved at 16:35:16, on 16.08.2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMME\TA 33 USB\CAPICTRL.EXE
C:\PROGRAMME\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAMME\SPMAGIC\BIN\SMBROKER.EXE
C:\PROGRAMME\SPMAGIC\BIN\SMRCGSRV.EXE
C:\PROGRAMME\SPMAGIC\BIN\SMDISPAT.EXE
C:\PROGRAMME\SPMAGIC\BIN\SMSERVER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\PSZIP\PSZIP.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = hxxp://www.myhandysearch.com/s.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = hxxp://www.web.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\WINDOWS\TEMP\pft12A1~TMP\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DD153F41-E19A-11D8-904C-000486104059} - C:\WINDOWS\SYSTEM\MSDOH.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - Startup: SpeechMagic Startup.lnk = SPMAGIC2\INST_BIN\SmStrtup.exe
O4 - Startup: CAPI Control.lnk = C:\Programme\TA 33 USB\Capictrl.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - hxxp://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O18 - Filter: text/html - {DD153F40-E19A-11D8-904C-0004E95CE5C2} - C:\WINDOWS\SYSTEM\MSDOH.DLL
O18 - Filter: text/plain - {DD153F40-E19A-11D8-904C-0004E95CE5C2} - C:\WINDOWS\SYSTEM\MSDOH.DLL