
Could you advise me on this LOG
mgianm
Posted: Tuesday, March 08, 2005 1:59:58 PM
Rank: Member

Joined: 3/8/2005
Posts: 0
Hello,
I have a problem with Explorer: when I open it, it sends me to the "search for..." page and gives me a rundll error caused by se.dll.
I made a LOG with HJ; I think I have identified the critical points, but I would prefer to have your opinion.

Logfile of HijackThis v1.99.1
Scan saved at 9.34.09, on 08/03/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
\Gianmaria\c$\Gian\MIO\BB\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.unitn.it:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FF95E8EB-5B39-438F-8826-629BF0F0EEB3} - C:\WINNT\system32\olbc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [WinVNC] "C:\WINNT\system32\rc\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Vc6Ip7Gw] C:\WINNT\ubwxbqsh.exe
O4 - HKLM\..\Run: [¢ª¸ï0/4»}¥ Uw‡5_C:\Programmi\ISTsvc\istsvc.exe] C:\WINNT\ubwxbqsh.exe
O4 - HKLM\..\Run: [¢ª¸ï0mÇÜÅè]wø*8@ýžáC:\Programmi\ISTsvc\istsvc.exe] C:\WINNT\ubwxbqsh.exe
O4 - HKLM\..\Run: [¢ª¸ï0mÇè]wø*8@ýžáaþC:\Programmi\ISTsvc\istsvc.exe] C:\WINNT\ubwxbqsh.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINNT\system32\ubbqfks.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = psico.unitn.it
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = psico.unitn.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = psico.unitn.it
O18 - Filter: text/html - {FF7F322B-B225-4933-B0E7-D42A75AFE51F} - C:\WINNT\system32\olbc.dll
O18 - Filter: text/plain - {FF7F322B-B225-4933-B0E7-D42A75AFE51F} - C:\WINNT\system32\olbc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC (WinVNC) - Unknown owner - C:\WINNT\system32\rc\winvnc.exe" -service (file missing)

Thank you in advance for your kind attention, regards
Gian Maria
alfonso
Posted: Tuesday, March 08, 2005 3:17:52 PM

Rank: AiutAmico

Joined: 10/5/2000
Posts: 19,132
Hi,
carry out these steps

restart in safe mode; read here how to do it
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

open HijackThis and delete, as described in this article
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
the lines that follow (if the lines to delete do not appear in safe mode, delete them in normal mode and restart the computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
-
O2 - BHO: (no name) - {FF95E8EB-5B39-438F-8826-629BF0F0EEB3} - C:\WINNT\system32\olbc.dll
-
O4 - HKLM\..\Run: [Vc6Ip7Gw] C:\WINNT\ubwxbqsh.exe
O4 - HKLM\..\Run: [¢ª¸ï0/4»}¥ Uw‡5_C:\Programmi\ISTsvc\istsvc.exe] C:\WINNT\ubwxbqsh.exe
O4 - HKLM\..\Run: [¢ª¸ï0mÇÜÅè]wø*8@ýžáC:\Programmi\ISTsvc\istsvc.exe] C:\WINNT\ubwxbqsh.exe
O4 - HKLM\..\Run: [¢ª¸ï0mÇè]wø*8@ýžáaþC:\Programmi\ISTsvc\istsvc.exe] C:\WINNT\ubwxbqsh.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
-
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINNT\system32\ubbqfks.exe
-
O18 - Filter: text/html - {FF7F322B-B225-4933-B0E7-D42A75AFE51F} - C:\WINNT\system32\olbc.dll
O18 - Filter: text/plain - {FF7F322B-B225-4933-B0E7-D42A75AFE51F} - C:\WINNT\system32\olbc.dll
-
O23 - Service: VNC (WinVNC) - Unknown owner - C:\WINNT\system32\rc\winvnc.exe" -service (file missing)
==================================

With the Windows FIND function, search for and delete these files:

==================================
olbc.dll
ubwxbqsh.exe
ubwxbqsh.exe
istsvc.exe
ubbqfks.exe
==================================

EMPTY the folder C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp

when finished, use the AD-AWARE and SPYBOT programs indicated in this article
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

still in safe mode, run an antivirus scan.

Aiutamici Collaborator
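
An added example, not part of the original thread: a small triage script that parses HijackThis entry lines and marks the kinds of entries singled out in the reply above for an analyst to review. The heuristics and the names `reasons` and `triage` are assumptions made for illustration; they cover only some of the flagged entries, and the `C:\WINNT` path is taken from this log.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.unitn.it:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FF95E8EB-5B39-438F-8826-629BF0F0EEB3} - C:\WINNT\system32\olbc.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Vc6Ip7Gw] C:\WINNT\ubwxbqsh.exe
O4 - HKLM\..\Run: [¢ª¸ï0mÇè]wø*8@ýžáaþC:\Programmi\ISTsvc\istsvc.exe] C:\WINNT\ubwxbqsh.exe
O23 - Service: VNC (WinVNC) - Unknown owner - C:\WINNT\system32\rc\winvnc.exe" -service (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")   # section code, then the entry body
RUN = re.compile(r"Run: \[(.*)\] (.*)$")     # greedy: a value name may contain ']'

def reasons(code, body):
    """Return review reasons for one entry (illustrative heuristics, not verdicts)."""
    out, low = [], body.lower()
    if code in ("R0", "R1") and "res://" in low and "\\temp\\" in low:
        out.append("IE page served from a DLL in a Temp folder")
    if code == "O2" and "(no name)" in body:
        out.append("BHO with no class name")
    m = RUN.search(body) if code == "O4" else None
    if m:
        name, cmd = m.groups()
        if not name.isascii():
            out.append("Run value name contains non-ASCII characters")
        if re.match(r'"?c:\\winnt\\[^\\]+\.exe', cmd.lower()):
            out.append("autostart binary directly in C:\\WINNT")
    if code == "O23" and "unknown owner" in low and "(file missing)" in low:
        out.append("service with unknown owner and missing binary")
    return out

def triage(log_text):
    """Return (section code, reasons) for every entry that matched a heuristic."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        why = reasons(*m.groups()) if m else []
        if why:
            flagged.append((m.group(1), why))
    return flagged

if __name__ == "__main__":
    for code, why in triage(SAMPLE_LOG):
        print(code, "; ".join(why))
```
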
mgianm
Posted: Thursday, March 10, 2005 10:54:13 AM
Rank: Member

Joined: 3/8/2005
Posts: 0
Thank you very much for the help and for how quickly you replied,
everything is fine now.
Thanks again