antivirusxp08 styresystem xp fjerne virus gennemgang af hijackth

dette program har downloaded sig på computeren og bliver ved med at kræve penge for at fjerne virus. har kørt avg8,0m da der ikke var noget antivirusprogram på maskine efter at tdc tidligeprogram var udløbet. udover avg er der kørt malware.antimalvare som  fandt 77 forskellige viruser.
tilsyneladende er programmet væk , men for en god ordens skyld,
vedlægger jeg en log  hjackthis og malware-antmalvare.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:07, on 21-08-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Mouse\Amoumain.exe
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\APPS\SMP\SmpSys.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmer\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
G:\spywarefri\Spywarefri\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Programmer\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: 1457d8b9382 - C:\WINDOWS\system32\__c00F7B9.dat (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6842 bytes

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

20:04:40 21-08-2008
mbam-log-08-21-2008 (20-04-40).txt

Skan type: Hurtig skanning
Objekter skannet: 46633
Tid tilbagelagt: 8 minute(s), 55 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 17
Inficerede Registeringsdatabase Værdier: 1
Inficerede Registeringsdatabase Filer: 1
Inficerede Mapper: 17
Inficerede Filer: 19

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Power-Antivirus-2009 (Rogue.PowerAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c004fc59 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\Programmer\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Programmer\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Programmer\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Programmer\Power-Antivirus-2009 (Rogue.PowerAntivirus) -> Quarantined and deleted successfully.
C:\Programmer\Registry Defender Platinum (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Programmer\Registry Defender Platinum\backup (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
D:\Documents and Settings\lisa\Application Data\Power-Antivirus-2009 (Rogue.PowerAntivirus) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Programmer\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\FunWebProducts\ScreenSaver\Images\004CE6D4.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\FunWebProducts\Shared\0072FB8C.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\VAV\vav.ooo (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Programmer\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Programmer\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Programmer\Power-Antivirus-2009\Buy.url (Rogue.PowerAntivirus) -> Quarantined and deleted successfully.
C:\Programmer\Power-Antivirus-2009\Help.url (Rogue.PowerAntivirus) -> Quarantined and deleted successfully.
C:\Programmer\Power-Antivirus-2009\HowToBuy.txt (Rogue.PowerAntivirus) -> Quarantined and deleted successfully.
C:\Programmer\Power-Antivirus-2009\ID.dat (Rogue.PowerAntivirus) -> Quarantined and deleted successfully.
C:\Programmer\Power-Antivirus-2009\License.txt (Rogue.PowerAntivirus) -> Quarantined and deleted successfully.
C:\Programmer\Power-Antivirus-2009\Uninstall.exe (Rogue.PowerAntivirus) -> Quarantined and deleted successfully.
C:\Programmer\Registry Defender Platinum\report.csv (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Programmer\Registry Defender Platinum\backup\20-08-2008.reg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
D:\Documents and Settings\lisa\Application Data\Power-Antivirus-2009\Power-Antivirus-2009.ini (Rogue.PowerAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c002840D.exe (Trojan.Vundo) -> Quarantined and deleted successfully.