Boot virus hjælp

Hejsa!

Jeg er ved at ordne min fætters maskine, da han har en eller anden "boot virus", som kommer op inden selve windows når man starter maskinen.

Jeg har 3 log filer: Hijackthis, superantispyware og combofix.
- Et spørgsmål til combofix: Hvordan kan det være at mit antivirus program prevx samt mcafee kom og sagde der var virus i??

::::::::::::::::::::::::::::::::::::::::::::::::::::
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:47:07, on 24-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\programmer\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Programmer\Prevx2\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\programmer\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
C:\Programmer\Prevx2\PXConsole.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\valve\steam\steam.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Skrivebord\ulubulu\mustafathis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programmer\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programmer\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmer\Prevx2\PXConsole.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\pistvæk\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmer\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: PREVXAgent - Prevx - C:\Programmer\Prevx2\PXAgent.exe

--
End of file - 5207 bytes
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ComboFix 08-07-23.5 - Administrator 2008-07-24 22:55:21.1 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Skrivebord\ulubulu\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-06-24 to 2008-07-24  )))))))))))))))))))))))))))))))
.

2008-07-24 22:52 . 2008-07-24 22:52    <DIR>    d--------    C:\WINDOWS\LastGood
2008-07-24 21:35 . 2008-07-24 21:35    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-24 21:35 . 2008-07-24 21:35    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-24 21:34 . 2008-07-24 21:34    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-07-24 21:31 . 2008-07-24 21:35    <DIR>    d--------    C:\Programmer\pistvæk
2008-07-24 21:24 . 2008-07-24 21:24    0    --a------    C:\WINDOWS\nsreg.dat
2008-07-24 20:58 . 2008-07-24 22:39    246    --a------    C:\WINDOWS\system32\drivers\pxfsf.dat
2008-07-24 19:11 . 2008-07-24 21:19    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Prevx
2008-07-24 19:10 . 2008-07-24 23:14    <DIR>    d--------    C:\Programmer\Prevx2
2008-07-24 19:10 . 2008-07-24 20:56    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Prevx
2008-07-24 17:57 . 2008-07-24 17:57    <DIR>    d--------    C:\WINDOWS\system32\da-dk

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 17:28    ---------    d-----w    C:\Programmer\AIM
2008-07-24 17:28    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-07-24 17:27    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Aim
2008-05-07 05:16    1,291,776    ----a-w    C:\WINDOWS\system32\quartz.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00 15360]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"Steam"="c:\valve\steam\steam.exe" [2007-12-01 11:14 1266936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Programmer\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05 212992]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 14:41 950272]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"OASClnt"="C:\Programmer\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"PrevxOne"="C:\Programmer\Prevx2\PXConsole.exe" [2008-01-23 12:32 1997880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Programmer\pistvæk\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Valve\\Steam\\SteamApps\\slasher\\counter-strike\\hl.exe"=
"C:\\Programmer\\Java\\jre1.5.0_03\\bin\\javaw.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\Microsoft Games\\Age of Mythology\\aomx.exe"=

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.msn.dk/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 23:11:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-07-24 23:29:47
ComboFix-quarantined-files.txt  2008-07-24 21:29:21

Pre-Run: 111,793,147,904 byte ledig
Post-Run: 111,738,953,728 byte ledig

81    --- E O F ---    2008-07-24 15:58:11
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/24/2008 at 10:36 PM

Application Version : 4.0.1154

Core Rules Database Version : 3513
Trace Rules Database Version: 1504

Scan type      : Complete Scan
Total Scan Time : 00:51:38

Memory items scanned      : 162
Memory threats detected  : 0
Registry items scanned    : 3062
Registry threats detected : 0
File items scanned        : 11055
File threats detected    : 4

Adware.WsnPoem
    C:\WINDOWS\system32\wsnpoem\audio.dll
    C:\WINDOWS\system32\wsnpoem\audio.dll.cla
    C:\WINDOWS\system32\wsnpoem\video.dll
    C:\WINDOWS\system32\wsnpoem