Thanks for your reply. I have done as you described; here is the ComboFix log file:
ComboFix 09-07-14.07 - Administrator 15-07-2009 14:29.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.2002.1570 [GMT 2:00]
Kører fra: c:\documents and settings\Administrator\Skrivebord\fix bummelum\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Administrator\Skrivebord\fix bummelum\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090714-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
FILE ::
"c:\documents and settings\Administrator\Menuen Start\Programmer\Start\rncsys32.exe"
"c:\windows\system32\rpcc.exe"
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\wiaserva.log
c:\recycler\S-1-5-21-102095748-406114455-947924252-500
c:\windows\010112010146118114.dat
c:\windows\0101120101464849.dat
c:\windows\system32\rpcc.exe
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-06-15 til 2009-07-15 )))))))))))))))))))))))))))))))))))
.
2009-07-14 20:55 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-14 20:55 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-14 20:55 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-14 20:55 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-14 20:55 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-14 20:55 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-14 20:55 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-14 20:55 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-14 20:55 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-14 19:03 . 2009-07-14 19:03 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-07-14 19:01 . 2009-07-14 19:01 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-13 15:10 . 2009-07-13 15:10 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2009-07-13 15:08 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-07-13 15:08 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-07-13 15:05 . 2009-07-13 15:11 20455 ----a-w- c:\windows\hpoins01.dat
2009-07-13 15:05 . 2003-04-05 13:45 16622 ------w- c:\windows\hpomdl01.dat
2009-07-13 14:48 . 2009-07-13 14:48 -------- d-----w- c:\windows\system32\NtmsData
2009-07-13 14:40 . 2009-07-13 14:40 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-13 14:36 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-13 14:35 . 2009-07-13 14:36 -------- d-----w- c:\windows\ie8updates
2009-07-13 14:35 . 2009-04-30 21:15 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-13 14:35 . 2009-04-30 21:15 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-13 14:33 . 2009-07-13 14:35 -------- dc-h--w- c:\windows\ie8
2009-07-13 14:20 . 2009-07-13 14:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Hewlett-Packard
2009-07-13 14:18 . 2003-03-09 04:31 65795 ----a-r- c:\windows\system32\HPZipm12.exe
2009-07-13 14:18 . 2003-03-09 04:31 61699 ----a-r- c:\windows\system32\HPZinw12.exe
2009-07-13 14:18 . 2003-03-09 04:31 16080 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-07-13 14:18 . 2003-03-09 04:31 51024 ----a-r- c:\windows\system32\drivers\hpzid412.sys
2009-07-13 14:14 . 2009-07-13 14:14 -------- d-----w- c:\programmer\Fælles filer\Hewlett-Packard
2009-07-13 14:10 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-07-13 14:10 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2009-07-13 14:09 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-13 14:09 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-06-25 10:33 . 2009-06-25 10:33 -------- d-----w- c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Apple
2009-06-23 18:41 . 2009-07-14 18:53 -------- d-----w- c:\programmer\Valve
2009-06-16 14:39 . 2009-06-16 14:39 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:39 . 2009-06-16 14:39 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 12:34 . 2009-03-28 21:14 -------- d-----w- c:\programmer\Steam
2009-07-15 12:27 . 2006-05-04 10:10 83484 ----a-w- c:\windows\system32\perfc006.dat
2009-07-15 12:27 . 2006-05-04 10:10 459330 ----a-w- c:\windows\system32\perfh006.dat
2009-07-14 20:48 . 2009-04-01 19:52 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-13 15:10 . 2008-06-23 06:11 -------- d-----w- c:\programmer\Hewlett-Packard
2009-07-13 14:51 . 2008-06-23 06:14 -------- d--h--w- c:\programmer\InstallShield Installation Information
2009-07-13 14:51 . 2006-05-04 09:57 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-20 17:40 . 2008-06-23 06:32 73472 ----a-w- c:\documents and settings\Administrator\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-06-16 14:39 . 2006-03-02 02:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:39 . 2006-03-02 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 20:39 . 2009-06-12 20:39 -------- d-----w- c:\programmer\QuickTime
2009-06-12 20:39 . 2009-06-12 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-12 20:39 . 2009-06-12 20:39 -------- d-----w- c:\programmer\Apple Software Update
2009-06-12 20:39 . 2009-06-12 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-03 19:11 . 2006-03-02 02:00 1295360 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 05:05 . 2006-03-02 02:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2006-03-02 02:00 346624 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 19:50 . 2006-03-02 02:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-06-12 21:38 . 2009-03-28 22:36 134648 ----a-w- c:\programmer\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\programmer\steam\steam.exe" [2009-06-10 1217784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"SoundMAXPnP"="c:\programmer\Analog Devices\Core\smax4pnp.exe" [2007-04-26 1015808]
"atchk"="c:\programmer\Intel\AMT\atchk.exe" [2007-06-07 408344]
"PTHOSTTR"="c:\programmer\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-05-23 677408]
"SetRefresh"="c:\programmer\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"QuickTime Task"="c:\programmer\QuickTime\QTTask.exe" [2009-05-26 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - c:\programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
hp psc 1000 series.lnk - c:\programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\programmer\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2070037969-3333975863-26598437-1171\Scripts\Logon\0\0]
"Script"=\\aktivkapitaldanmark.local\SysVol\aktivkapitaldanmark.local\scripts\NO-Offlinefolders.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2070037969-3333975863-26598437-1171\Scripts\Logon\1\0]
"Script"=inventory.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2070037969-3333975863-26598437-1172\Scripts\Logon\0\0]
"Script"=\\aktivkapitaldanmark.local\SysVol\aktivkapitaldanmark.local\scripts\NO-Offlinefolders.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2070037969-3333975863-26598437-1172\Scripts\Logon\1\0]
"Script"=inventory.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2070037969-3333975863-26598437-1178\Scripts\Logon\0\0]
"Script"=\\aktivkapitaldanmark.local\SysVol\aktivkapitaldanmark.local\scripts\NO-Offlinefolders.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2070037969-3333975863-26598437-1178\Scripts\Logon\1\0]
"Script"=inventory.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2070037969-3333975863-26598437-1179\Scripts\Logon\0\0]
"Script"=\\aktivkapitaldanmark.local\SysVol\aktivkapitaldanmark.local\scripts\NO-Offlinefolders.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2070037969-3333975863-26598437-1179\Scripts\Logon\1\0]
"Script"=inventory.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2070037969-3333975863-26598437-500\Scripts\Logon\0\0]
"Script"=\\aktivkapitaldanmark.local\SysVol\aktivkapitaldanmark.local\scripts\NO-Offlinefolders.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2070037969-3333975863-26598437-500\Scripts\Logon\1\0]
"Script"=inventory.bat
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Steam\\SteamApps\\aco410\\day of defeat source\\hl2.exe"=
"c:\\Programmer\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmer\\Steam\\SteamApps\\aco410\\counter-strike\\hl.exe"=
"c:\\Programmer\\Steam\\SteamApps\\aco410\\condition zero\\hl.exe"=
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [13-06-2007 17:53 101167]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [09-10-2006 13:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [14-06-2007 16:22 13184]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14-07-2009 22:55 114768]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15-02-2007 20:00 26624]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [18-04-2007 19:32 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [13-06-2007 17:53 5808]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [02-03-2006 04:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [02-03-2006 04:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14-07-2009 22:55 20560]
R2 HpFkCryptService;Drive Encryption Service;c:\programmer\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [09-07-2007 17:03 221184]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\programmer\Intel\AMT\UNS.exe [23-06-2008 08:14 2521880]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [07-02-2007 20:00 3712]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23-01-2007 22:13 41216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'
2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-07-13 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8247497865.job
- c:\programmer\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
IE: &AOL Toolbar-søgning - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\da-DK\local\search.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3hmd4zlk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 14:34
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
[HKEY_USERS\S-1-5-21-3900716712-1706807462-3262393135-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,92,2b,d9,d5,22,2d,44,aa,ce,12,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,92,2b,d9,d5,22,2d,44,aa,ce,12,\
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(668)
c:\programmer\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\programmer\Hewlett-Packard\IAM\bin\ItMsg.dll
- - - - - - - > 'lsass.exe'(724)
c:\windows\SbHpNp.dll
c:\programmer\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\programmer\Hewlett-Packard\IAM\bin\ItMsg.dll
- - - - - - - > 'explorer.exe'(3856)
c:\windows\system32\APSHook.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Alwil Software\Avast4\aswUpdSv.exe
c:\programmer\Alwil Software\Avast4\ashServ.exe
c:\programmer\Intel\AMT\atchksrv.exe
c:\windows\system32\IFXTCS.exe
c:\programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
c:\programmer\Intel\AMT\LMS.exe
c:\windows\system32\IfxPsdSv.exe
c:\programmer\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\programmer\Alwil Software\Avast4\ashMaiSv.exe
c:\programmer\Alwil Software\Avast4\ashWebSv.exe
c:\programmer\Hewlett-Packard\IAM\Bin\asghost.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\igfxsrvc.exe
c:\programmer\Hewlett-Packard\Embedded Security Software\PSDrt.exe
.
**************************************************************************
.
Gennemført tid: 2009-07-15 14:36 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-07-15 12:36
Pre-Kørsel: 132.730.376.192 byte ledig
Post-Kørsel: 132.792.844.288 byte ledig
235 --- E O F --- 2009-06-09 22:20
As the file also says, the computer (apparently) does not have a Recovery Console installed. ComboFix asked whether I wanted to create one, and I answered yes, but it came back with an error: "could not find download path", or something like that.
When I ran ComboFix it also asked whether it could update the program, since a newer version was available. I just pressed no and continued; is that OK?
Great that you are willing to help! Thanks a million :-)