Virus i guess?

6 december, 2008

Hallå!

Datorn har börjat bete sig lite konstigt på senaste tiden. Den har blivit segare, något jävla FF fönster poppar upp ibland, här är den senaste länken

http:// 70.38.98.32/red.php?lid=2greatfind.com&br=firefox&url=www.google.se%2Fsearch%3Fclient%3Dfirefox-a%26rls%3Dorg.mozilla%3Asv-SE%3Aofficial%26channel%3Ds%26hl%3Dsv%26q%3D2greatfind.com%26meta%3D%26btnG%3DGoogle-s%C3%B6kning&z=SE&affid=171403&ver=112&shows=0&click1=1&click2=0&uqs=1&uid=A768EB24C3BF11DDA955171403CFFFFF&guid=AE22A6BD669243FABF73BC65798099CD&jguid=&cmp=superjuan&rid=zdez&xp=1

Och en till!

http:// 2greatfind.com/rdr2.php?sid=c28b865099f7fd452ee584548f0ed787

Här är HTJ loggen!

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:48:15, on 2008-12-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\Program\Bonjour\mDNSResponder.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

D:\WINDOWS\VistaDrive\VistaDrive.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

D:\Program\Windows Live\Messenger\msnmsgr.exe

D:\Program\Windows Live\Messenger\usnsvc.exe

D:\WINDOWS\system32\rundll32.exe

D:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1053

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O4 - HKLM\..\Run: [OutpostMonitor] D:\Program\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice

O4 - HKLM\..\Run: [OutpostFeedBack] "D:\Program\Agnitum\Outpost Security Suite Pro\feedback.exe" /dump:os_startup

O4 - HKLM\..\Run: [LXCRCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [startCCC] "D:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [VistaDrive] D:\WINDOWS\VistaDrive\VistaDrive.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [d44c2e84] rundll32.exe "D:\WINDOWS\system32\ojiiljpi.dll",b

O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "D:\Program\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [RGSC] D:\Program\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: RocketDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program\Agnitum\Outpost Security Suite Pro\ie_bar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\Microsoft Office\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: e-kort - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - D:\Program\ekort\ekort.exe

O20 - AppInit_DLLs: d:\program\agnitum\outpos~1\wl_hook.dll kjmbyr.dll

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - D:\Program\Agnitum\OUTPOS~1\acs.exe

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - D:\Program\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - D:\Program\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - D:\Program\iPod\bin\iPodService.exe

O23 - Service: lxcr_device - - D:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

End of file - 6569 bytes[/log]

Tack så mycket på förhand!

Ändrat så att länkarna inte är klickbara

Cecilia - Moderator för Virus, skadliga program & botemedel

[inlägget ändrat 2008-12-07 00:03:57 av Cecilia]

6 december, 2008

VistaDrive.exe

6 december, 2008

Visar hur mycket plats det är kvar på hårddiskarna. Så nej.

6 december, 2008

En jävel till, börjar bli trött nu

http:// cativern.com/go/rfe.php?cmp=vm_mg_fails_juan&uid=A768EB24C3BF11DDA955171403CFFFFF&guid=AE22A6BD669243FABF73BC65798099CD&lid=&url=this%26meta%3D%26btnG%3DGoogle-s%F6kning&affid=171403&b42=&b42=0.0015

Ändrat så att länkarna inte är klickbara

Cecilia - Moderator för Virus, skadliga program & botemedel

[inlägget ändrat 2008-12-07 00:04:34 av Cecilia]

6 december, 2008

http://www.processlibrary.com/directory/files/vistadrive/

http://www.liutilities.com/products/wintaskspro/processlibrary/vistadrive/

http://www.greatis.com/appdata/d/v/vistadrive.exe.htm

Nä...

6 december, 2008

Konstigt, har haft det sen jag installerade windows, vilket är för 3 månader sen och först nu börjar popupsen och segheten så tror nog inte det, men tar bort skiten ändå.

6 december, 2008

Gå till http://www.virustotal.com/ klistra in ett av följande filnamn i rutan.

Upprepa proceduren med övriga filer på samma sätt.

D:\WINDOWS\system32\ojiiljpi.dll",b

D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

tryck på Skicka Fil och vänta tills resultatet är klart (Närvarande status blir genomförd).

Klistra in resultatet från de olika antivirusprogrammen här.

[inlägget ändrat 2008-12-06 21:38:57 av //gästen]

6 december, 2008

http://www.virustotal.com/sv/analisis/6bbfa274706058d3846f5fc50151a6ab

Verkar visst vara ett virus!

Men LXCR är skrivaren tror jag.

[inlägget ändrat 2008-12-06 22:15:05 av xaknoob]

6 december, 2008

Ladda ner Malwarebytes Anti-Malware från en av dessa länkar:

http://www.malwaresupport.com/mbam/program/mbam-setup.exe

http://www.brothersoft.com/download-malwarebytes.-anti-malware-71

406.html

Dubbelklicka på mbam-setup.exe för att installera programmet.

Bocka för: Update Malwarebytes' Anti-Malware Launch Malwar...

Bocka för:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Tryck på Finish

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

När programmet startar så välj Perform Quick Scan och tryck på Scan.

Skanningen tar ett tag.

När den är klar så tryck på OK och sedan Show Results.

Bocka för allt och tryck sedan Remove Selected.

När borttagningen är klar så öppnar Anteckningar med en logg.

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om programmet inte kommer igång efter omstarten så starta det.

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på Logs-fliken i MBAM.

Kopiera loggen och klistra in den i ditt svar tillsammans med en ny HijackThis-logg.

Edit: Hade varit lite lättare om klistrat in loggen här,men det går ändå

[inlägget ändrat 2008-12-06 22:31:52 av //gästen]

6 december, 2008

[log]Malwarebytes' Anti-Malware 1.31

Databasversion: 1467

Windows 5.1.2600 Service Pack 3

2008-12-06 23:17:19

mbam-log-2008-12-06 (23-17-19).txt

Skanningstyp: Snabb skanning

Antal skannade objekt: 47762

Förfluten tid: 2 minute(s), 59 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 3

Infekterade registernycklar: 13

Infekterade registervärden: 1

Infekterade registerdataposter: 2

Infekterade mappar: 0

Infekterade filer: 18

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

D:\WINDOWS\system32\qoMgeDUK.dll (Trojan.Vundo.H) -> Delete on reboot.

D:\WINDOWS\system32\kjmbyr.dll (Trojan.Vundo) -> Delete on reboot.

D:\WINDOWS\system32\byXOhFvW.dll (Trojan.Vundo.H) -> Delete on reboot.

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxohfvw (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f2d0321-6e52-412a-9556-79de45a2985f} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{6f2d0321-6e52-412a-9556-79de45a2985f} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ea8e4cf-3ef5-4cef-8ebf-3341272ff702} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8ea8e4cf-3ef5-4cef-8ebf-3341272ff702} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ea8e4cf-3ef5-4cef-8ebf-3341272ff702} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Infekterade registerdataposter:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: d:\windows\system32\qomgeduk -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: d:\windows\system32\qomgeduk -> Delete on reboot.

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

D:\WINDOWS\system32\byXOhFvW.dll (Trojan.Vundo.H) -> Delete on reboot.

D:\WINDOWS\system32\qoMgeDUK.dll (Trojan.Vundo.H) -> Delete on reboot.

D:\WINDOWS\system32\KUDegMoq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\KUDegMoq.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\kjmbyr.dll (Trojan.Vundo.H) -> Delete on reboot.

D:\WINDOWS\system32\ojiiljpi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\ipjliijo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\urqQgDwW.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\khfDsSLE.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\khfFWmkj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\mlJAQIxU.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\iifGVoPF.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\ljJBrOGy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\lklqysif.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\qoMcbaxU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\ssqNDvut.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\ssqOHAsp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\xxyVnoPH.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.[/log]

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:22:48, on 2008-12-06

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\Explorer.EXE

D:\Program\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

D:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Program\Bonjour\mDNSResponder.exe

D:\WINDOWS\system32\PnkBstrA.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

D:\WINDOWS\system32\lxcrcoms.exe

D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

D:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

D:\WINDOWS\system32\NOTEPAD.EXE

D:\Program\Malwarebytes' Anti-Malware\mbam.exe

D:\WINDOWS\system32\NOTEPAD.EXE

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Windows Live\Messenger\msnmsgr.exe

D:\Program\Windows Live\Messenger\usnsvc.exe

D:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1053

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll