Mededeling

Collapse
No announcement yet.

Hoge processoractiviteit Avira

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Hoge processoractiviteit Avira

    Er is plots wel processor activiteit bovenop wat je zou verwachten, en het leeuwendeel is van allerlei processen van het net geïnstalleerde Avira. De grootste hiervan is Avira.ServiceHost.exe, gemiddeld 35% processor activiteit:
    Click image for larger version

Name:	Processor_Avira.jpg
Views:	1
Size:	237,9 KB
ID:	1074142

    Dit treedt op direct na boot, en is nieuw.
    De pieken die je ziet, staan na een tijdje nog scherper afgetekend, en hebben een frequentie van 10 - 12 seconden.

    dorado edit:
    Afgesplitst en verplaatst naar Virus / Antivirus
    Last edited by dorado; 07-12-15, 20:18.

  • #2
    Schakel eerst de Antivirussoftware uit voordat je zoek.exe download of uitvoert.
    Schakel je antivirus- en antispywareprogramma's tijdelijk uit, deze kunnen namelijk de werking van Zoek.exe nadelig beïnvloeden.
    (hier en hier) kan je lezen hoe je dat doet.

    en download Zoek.exe naar het bureaublad.
    klik hier voor meer informatie over hoe zoek.exe te gebruiken)
    • Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kan je dat negeren, het is namelijk een onterechte waarschuwing.
    • Dubbelklik vervolgens op Zoek.exe om de tool te starten.
    • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
    • Kopieer nu onderstaande code en plak die in het grote invulvenster:
    • Note: Dit script is speciaal bedoeld voor deze Computer, gebruik dit dan ook niet op andere computers met een gelijkaardig probleem.
      Code:
      emptyfolderscheck;delete
      firefoxlook; 
      Chromelook; 
      CHRdefaults;
      autoclean; 
      iedefaults;
    • Klik nu op de knop "Run script".
    • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
    • Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
    • Post het geopende logje in het volgende bericht als bijlage.

    Windows 10 opstarten in Veilige Modus

    Comment


    • #3
      (Dank dorado), hoi Juisterr, hier het zoek-logje: zoek-results-2.txt


      Het ziet er iets beter uit, maar naar mijn idee niet goed (IE uitgeschakeld):
      Click image for larger version

Name:	Processor_Avira-2.jpg
Views:	1
Size:	267,0 KB
ID:	1068584

      Is het OK deze schermafdrukken te blijven tonen ?

      Ik wil nog even vertellen dat IE 11 een dag of twee geleden is gereset, maar het is in 80% van de opstart van IE een probleem om de vorige sessie (open tabbladen) terug te zien. Bijna altijd start alleen de startpagina. Soms is in het menu 'Extra' de mogelijkheid aanwezig om de vorige sessie te herstellen, vaak is die uitgegrijsd.
      Last edited by erikdenhouter; 07-12-15, 19:18.

      Comment


      • #4
        Download OTL naar je Bureaublad
        • Dubbelklik op OTL.com om het programma te openen. Zorg ervoor dat all andere vensters gesloten zijn, en laat het programma ongestoord zijn werk doen.
        • Zet een vinkje bij Scan All Users.
        • Klik op de knop Quick Scan. Verander de instellingen van OTL niet, tenzij ik je hiervoor specifiek instructies geef. De scan zal niet heel erg lang duren.
          • Er zullen twee Kladblok-vensters geopend worden wanneer de scan klaar is. OTL.Txt en Extras.Txt. Deze bestanden zijn opgeslagen in dezelfde locatie als OTL.
          • Kopieer (Bewerken->Alles selecteren, Bewerken->Kopiëren) en plak (Bewerken->Alles selecteren, Bewerken->Plakken) de inhoud van deze twee bestanden één voor één in je volgende bericht.

        Windows 10 opstarten in Veilige Modus

        Comment


        • #5
          OTL.TXT

          88888888888888888888888888888888888888888888

          OTL logfile created on: 8-12-2015 14:51:32 - Run 1
          OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\thomas 2010\Desktop
          Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
          Internet Explorer (Version = 9.11.9600.18097)
          Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

          2,87 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 69,91% Memory free
          5,74 Gb Paging File | 4,44 Gb Available in Paging File | 77,39% Paging File free
          Paging file location(s): ?:\pagefile.sys [binary data]

          %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
          Drive C: | 148,89 Gb Total Space | 61,15 Gb Free Space | 41,07% Space Free | Partition Type: NTFS
          Drive D: | 147,73 Gb Total Space | 121,72 Gb Free Space | 82,39% Space Free | Partition Type: NTFS

          Computer Name: THOMAS-PC | User Name: thomas 2010 | Logged in as Administrator.
          Boot Mode: Normal | Scan Mode: All users | Quick Scan
          Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

          ========== Processes (SafeList) ==========

          PRC - [2015-12-08 14:48:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\thomas 2010\Desktop\OTL.com
          PRC - [2015-11-18 13:46:14 | 000,137,872 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\Launcher\Avira.Systray.exe
          PRC - [2015-11-18 13:44:12 | 000,250,648 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
          PRC - [2015-10-28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
          PRC - [2015-10-13 11:12:44 | 000,228,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
          PRC - [2015-10-07 16:38:40 | 000,461,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\Antivirus\sched.exe
          PRC - [2015-10-07 16:38:33 | 000,433,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\Antivirus\avshadow.exe
          PRC - [2015-10-07 16:38:31 | 000,461,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\Antivirus\avguard.exe
          PRC - [2015-10-07 16:38:30 | 000,782,520 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\Antivirus\avgnt.exe
          PRC - [2015-09-30 18:46:27 | 000,445,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\GWX\GWX.exe
          PRC - [2012-11-23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
          PRC - [2011-11-15 18:41:18 | 000,249,856 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
          PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
          PRC - [2008-01-22 09:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


          ========== Modules (No Company Name) ==========

          MOD - [2015-11-23 20:31:09 | 019,547,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\b92e4d284cdd9304c0969091f655f098\ System.ServiceModel.ni.dll
          MOD - [2015-11-23 20:30:08 | 002,964,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\59831247953665c7d8054da43f0cf9ab \System.IdentityModel.ni.dll
          MOD - [2015-11-23 20:18:53 | 018,753,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2d4e39155c2bb981dec00b0fe2dc8667 \PresentationFramework.ni.dll
          MOD - [2015-11-23 20:18:30 | 011,014,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\28b853c62fe0ee15d56b99afeceacc5e\Pre sentationCore.ni.dll
          MOD - [2015-11-23 20:18:19 | 003,904,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\efd34838fa44da246b78328f4432eac7\WindowsB ase.ni.dll
          MOD - [2015-11-23 20:18:11 | 012,897,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ac49b0362a9648df9d2f437d27ff54ff \System.Windows.Forms.ni.dll
          MOD - [2015-11-23 20:17:58 | 006,982,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c61bafa9d029e3f2bf83bd5af3f1f5ac\System.C ore.ni.dll
          MOD - [2015-11-23 20:17:57 | 000,967,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\908075c4922acdf834c67ac802814c9d \System.Configuration.ni.dll
          MOD - [2015-11-23 20:15:44 | 000,218,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\339dea31bc0a1a0a99ff83830bfe70af \System.ServiceProcess.ni.dll
          MOD - [2015-11-23 20:15:31 | 001,639,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\fe41e3eae34ac29f3c1f03a03d8aa1af\Syste m.Drawing.ni.dll
          MOD - [2015-11-23 18:35:52 | 010,069,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll
          MOD - [2015-11-23 18:34:54 | 000,396,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8092ad8ffb37d779da3984d6e11e7516\Syst em.Xml.Linq.ni.dll
          MOD - [2015-11-23 18:34:54 | 000,118,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\93a0883923e78cc3e80b7ac4a9768c60\SMDiag nostics.ni.dll
          MOD - [2015-11-23 18:33:34 | 007,416,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\59dc72440f000eead00c5c580bed26b3\System.D ata.ni.dll
          MOD - [2015-11-23 18:15:02 | 000,188,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\232495ea0368dada2d208c51f0e5349c\UI AutomationTypes.ni.dll
          MOD - [2015-11-23 18:14:57 | 000,012,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\92edcd808511b7f4b642f922f8ebc31c \PresentationFramework-SystemXmlLinq.ni.dll
          MOD - [2015-11-23 18:14:56 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\9e42fe7c83345249b5dde1693d1bf8b5 \PresentationFramework-SystemXml.ni.dll
          MOD - [2015-11-23 18:14:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\825c2900a23128a2fd3de768abc9b023 \PresentationFramework-SystemData.ni.dll
          MOD - [2015-11-23 17:50:11 | 001,054,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\736256bbeb4557664ef1d22ce2b8cd47 \System.ComponentModel.Composition.ni.dll
          MOD - [2015-11-23 17:49:35 | 000,458,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\5e3e26e6c81809aab854ea76a884fde2 \PresentationFramework.Aero.ni.dll
          MOD - [2015-11-23 17:49:32 | 002,554,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\19e39fd21583dacdbf083aef2e0ae4a3\Sys tem.Data.Linq.ni.dll
          MOD - [2015-11-23 17:49:12 | 001,873,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\1196cc375887ce75f134047505fe19bf\System.X aml.ni.dll
          MOD - [2015-11-23 17:47:37 | 002,855,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\187177229c00aec6dec613ea4b9ff209 \System.Runtime.Serialization.ni.dll
          MOD - [2015-11-23 17:47:36 | 000,790,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\14cc73701aac461eb89d6473a88fcd56 \System.ServiceModel.Internals.ni.dll
          MOD - [2015-11-23 17:46:21 | 007,793,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6ee4ffbd9a86ac1e7b01800b6fe9c7\System.Xm l.ni.dll
          MOD - [2015-11-23 17:45:47 | 000,146,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\de2a832558f95db343e443c365bd3575\Syst em.Numerics.ni.dll
          MOD - [2015-11-23 17:45:24 | 017,207,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni .dll


          ========== Services (SafeList) ==========

          SRV - [2015-11-23 14:46:19 | 000,269,000 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
          SRV - [2015-11-18 13:44:12 | 000,250,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe -- (Avira.ServiceHost)
          SRV - [2015-10-30 23:36:30 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
          SRV - [2015-10-28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
          SRV - [2015-10-07 16:38:40 | 000,461,672 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\Antivirus\sched.exe -- (AntiVirSchedulerService)
          SRV - [2015-10-07 16:38:33 | 001,147,720 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\Antivirus\avwebg7.exe -- (AntiVirWebService)
          SRV - [2015-10-07 16:38:32 | 000,932,912 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\Antivirus\avmailc7.exe -- (AntiVirMailService)
          SRV - [2015-10-07 16:38:31 | 000,461,672 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\Antivirus\avguard.exe -- (AntiVirService)
          SRV - [2015-07-22 18:53:34 | 000,937,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
          SRV - [2015-07-09 12:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
          SRV - [2013-05-27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
          SRV - [2011-11-15 18:41:18 | 000,249,856 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
          SRV - [2011-05-17 17:37:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
          SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
          SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
          SRV - [2009-04-29 02:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
          SRV - [2008-01-22 09:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


          ========== Driver Services (SafeList) ==========

          DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
          DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
          DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
          DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SjyPkt.sys -- (SjyPkt)
          DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8192su.sys -- (RTL8192su)
          DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8192cu.sys -- (RTL8192cu)
          DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
          DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\THOMAS~1\AppData\Local\Temp\mfe_rr.sys -- (MFE_RR)
          DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
          DRV - [2015-12-02 00:16:40 | 000,112,408 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Users\thomas 2010\Erik_werkmap nov-2015\Emisoft\bin\epp32.sys -- (epp32)
          DRV - [2015-10-07 16:38:48 | 000,031,848 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
          DRV - [2015-10-07 16:38:32 | 000,055,912 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avnetflt.sys -- (avnetflt)
          DRV - [2015-10-07 16:38:31 | 000,136,728 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
          DRV - [2015-10-07 16:38:31 | 000,108,448 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
          DRV - [2015-10-07 16:38:31 | 000,037,896 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
          DRV - [2013-10-02 01:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
          DRV - [2012-08-23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
          DRV - [2010-11-20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
          DRV - [2010-11-20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
          DRV - [2010-11-20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
          DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
          DRV - [2010-11-20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
          DRV - [2010-11-20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
          DRV - [2010-07-09 11:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
          DRV - [2010-01-13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
          DRV - [2009-07-14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
          DRV - [2009-07-14 01:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
          DRV - [2009-07-14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
          DRV - [2009-07-13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
          DRV - [2009-04-29 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
          DRV - [2007-11-09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)


          ========== Standard Registry (SafeList) ==========


          ========== Internet Explorer ==========

          IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
          IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


          IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
          IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
          IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

          IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
          IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
          IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



          IE - HKU\S-1-5-21-2483101598-1079602934-1415625033-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/?gws_rd=ssl
          IE - HKU\S-1-5-21-2483101598-1079602934-1415625033-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/
          IE - HKU\S-1-5-21-2483101598-1079602934-1415625033-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
          IE - HKU\S-1-5-21-2483101598-1079602934-1415625033-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
          IE - HKU\S-1-5-21-2483101598-1079602934-1415625033-1000\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
          IE - HKU\S-1-5-21-2483101598-1079602934-1415625033-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
          IE - HKU\S-1-5-21-2483101598-1079602934-1415625033-1000\..\SearchScopes\{6772E0EC-6425-4F7F-A520-24F2376B31CC}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
          IE - HKU\S-1-5-21-2483101598-1079602934-1415625033-1000\..\SearchScopes\{FCAC0CAB-35C6-4BA7-A2E1-A2F064922A11}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
          IE - HKU\S-1-5-21-2483101598-1079602934-1415625033-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


          ========== FireFox ==========

          FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
          FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
          FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
          FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
          FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
          FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
          FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
          FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



          O1 HOSTS File: ([2015-12-05 21:07:36 | 000,000,832 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
          O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
          O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG)
          O4 - HKLM..\Run: [Avira SystrayStartTrigger] C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe (Avira Operations GmbH & Co. KG)
          O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
          O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
          O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
          O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
          O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
          O4 - Startup: C:\Users\thomas 2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
          O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
          O9 - Extra 'Tools' menuitem : &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
          O9 - Extra Button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
          O9 - Extra 'Tools' menuitem : &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.99
          O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A6711B1-56DD-436F-AC9F-1E0A049FBF14}: DhcpNameServer = 192.168.1.99
          O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
          O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
          O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
          O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
          O32 - HKLM CDRom: AutoRun - 1
          O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
          O34 - HKLM BootExecute: (autocheck autochk *)
          O35 - HKLM\..comfile [open] -- "%1" %*
          O35 - HKLM\..exefile [open] -- "%1" %*
          O37 - HKLM\...com [@ = comfile] -- "%1" %*
          O37 - HKLM\...exe [@ = exefile] -- "%1" %*
          O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
          O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
          O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

          ========== Files/Folders - Created Within 30 Days ==========

          [2015-12-08 14:48:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\thomas 2010\Desktop\OTL.com
          [2015-12-07 19:52:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
          [2015-12-07 19:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
          [2015-12-07 19:50:10 | 000,000,000 | ---D | C] -- C:\Windows\Temp
          [2015-12-07 19:50:10 | 000,000,000 | ---D | C] -- C:\Users\thomas 2010\AppData\Local\Temp
          [2015-12-05 22:59:13 | 000,000,000 | ---D | C] -- C:\Users\thomas 2010\AppData\Roaming\Avira
          [2015-12-05 22:57:09 | 000,031,848 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\ssmdrv.sys
          [2015-12-05 22:57:03 | 000,136,728 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
          [2015-12-05 22:57:03 | 000,108,448 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
          [2015-12-05 22:57:03 | 000,055,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
          [2015-12-05 22:57:03 | 000,037,896 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
          [2015-12-05 22:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
          [2015-12-05 22:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
          [2015-12-05 22:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
          [2015-12-05 21:52:04 | 003,480,040 | ---- | C] (McAfee, Inc.) -- C:\Users\thomas 2010\Desktop\MCPR.exe
          [2015-12-05 21:31:15 | 000,000,000 | ---D | C] -- C:\zoek_backup
          [2015-12-04 11:33:32 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\thomas 2010\Desktop\dds.com
          [2015-12-04 11:28:05 | 022,908,888 | ---- | C] (Malwarebytes ) -- C:\Users\thomas 2010\Desktop\mbam-setup-2.2.0.1024.exe
          [2015-11-26 23:44:06 | 000,000,000 | ---D | C] -- C:\Users\thomas 2010\Erik_werkmap nov-2015
          [2015-11-24 12:56:00 | 000,000,000 | ---D | C] -- C:\Users\thomas 2010\AppData\Local\GWX
          [2015-11-24 12:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
          [2015-11-24 12:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
          [2015-11-24 12:07:23 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
          [2015-11-24 11:42:43 | 000,000,000 | ---D | C] -- C:\Users\thomas 2010\Tracing
          [2015-11-23 21:44:28 | 000,000,000 | ---D | C] -- C:\Users\thomas 2010\AppData\Local\Skype
          [2015-11-23 21:09:29 | 000,000,000 | --SD | C] -- C:\Windows\System32\GWX
          [2015-11-23 21:09:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\appraiser
          [2015-11-22 19:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
          [2015-11-21 23:10:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
          [2015-11-21 19:57:59 | 000,000,000 | ---D | C] -- C:\Users\thomas 2010\AppData\Roaming\HD Tune Pro
          [2015-11-21 19:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
          [2015-11-21 16:56:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
          [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

          ========== Files - Modified Within 30 Days ==========

          [2015-12-08 14:48:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\thomas 2010\Desktop\OTL.com
          [2015-12-08 14:46:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
          [2015-12-08 14:40:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
          [2015-12-08 13:23:43 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
          [2015-12-08 13:23:43 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
          [2015-12-08 10:40:00 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
          [2015-12-08 09:50:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
          [2015-12-07 20:15:14 | 000,007,590 | ---- | M] () -- C:\Users\thomas 2010\AppData\Local\resmon.resmoncfg
          [2015-12-07 20:10:41 | 000,273,372 | ---- | M] () -- C:\Users\thomas 2010\Desktop\Processor_Avira-2.jpg
          [2015-12-07 19:51:09 | 2312,110,080 | -HS- | M] () -- C:\hiberfil.sys
          [2015-12-07 19:29:16 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
          [2015-12-07 19:27:50 | 001,309,184 | ---- | M] () -- C:\Users\thomas 2010\Desktop\zoek.exe
          [2015-12-05 22:51:33 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Avira Launcher.lnk
          [2015-12-05 21:52:05 | 003,480,040 | ---- | M] (McAfee, Inc.) -- C:\Users\thomas 2010\Desktop\MCPR.exe
          [2015-12-05 21:07:36 | 000,000,832 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
          [2015-12-04 21:43:50 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
          [2015-12-04 17:33:23 | 338,976,155 | ---- | M] () -- C:\Windows\MEMORY.DMP
          [2015-12-04 11:34:31 | 000,380,416 | ---- | M] () -- C:\Users\thomas 2010\Desktop\hih1s39c.exe
          [2015-12-04 11:33:32 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\thomas 2010\Desktop\dds.com
          [2015-12-04 11:32:19 | 001,736,704 | ---- | M] () -- C:\Users\thomas 2010\Desktop\adwcleaner_5.023.exe
          [2015-12-04 11:28:09 | 022,908,888 | ---- | M] (Malwarebytes ) -- C:\Users\thomas 2010\Desktop\mbam-setup-2.2.0.1024.exe
          [2015-12-02 12:31:47 | 000,749,008 | ---- | M] () -- C:\Windows\System32\perfh013.dat
          [2015-12-02 12:31:47 | 000,657,422 | ---- | M] () -- C:\Windows\System32\perfh009.dat
          [2015-12-02 12:31:47 | 000,155,018 | ---- | M] () -- C:\Windows\System32\perfc013.dat
          [2015-12-02 12:31:47 | 000,123,234 | ---- | M] () -- C:\Windows\System32\perfc009.dat
          [2015-12-02 11:20:55 | 000,001,238 | ---- | M] () -- C:\Users\thomas 2010\Desktop\Start Emsisoft Emergency Kit.lnk
          [2015-11-26 23:48:03 | 000,001,121 | ---- | M] () -- C:\Users\thomas 2010\Desktop\Erik_werkmap nov-2015 Snelk.lnk
          [2015-11-24 19:10:14 | 000,001,399 | ---- | M] () -- C:\Users\thomas 2010\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
          [2015-11-24 12:07:25 | 000,002,679 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
          [2015-11-23 21:20:16 | 000,002,249 | ---- | M] () -- C:\Users\thomas 2010\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
          [2015-11-23 21:13:21 | 000,410,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
          [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

          ========== Files Created - No Company Name ==========

          [2015-12-07 20:10:41 | 000,273,372 | ---- | C] () -- C:\Users\thomas 2010\Desktop\Processor_Avira-2.jpg
          [2015-12-07 19:50:11 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
          [2015-12-07 19:27:50 | 001,309,184 | ---- | C] () -- C:\Users\thomas 2010\Desktop\zoek.exe
          [2015-12-05 22:51:32 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Avira Launcher.lnk
          [2015-12-04 17:18:38 | 338,976,155 | ---- | C] () -- C:\Windows\MEMORY.DMP
          [2015-12-04 11:34:31 | 000,380,416 | ---- | C] () -- C:\Users\thomas 2010\Desktop\hih1s39c.exe
          [2015-12-04 11:32:19 | 001,736,704 | ---- | C] () -- C:\Users\thomas 2010\Desktop\adwcleaner_5.023.exe
          [2015-12-02 11:20:55 | 000,001,238 | ---- | C] () -- C:\Users\thomas 2010\Desktop\Start Emsisoft Emergency Kit.lnk
          [2015-11-26 23:44:38 | 000,001,121 | ---- | C] () -- C:\Users\thomas 2010\Desktop\Erik_werkmap nov-2015 Snelk.lnk
          [2015-11-26 23:40:16 | 011,698,052 | ---- | C] () -- C:\Users\thomas 2010\Desktop\110514_Thomas_moederdag_6798.jpg
          [2015-11-26 23:40:16 | 009,289,592 | ---- | C] () -- C:\Users\thomas 2010\Desktop\110514_Thomas_moederdag_6762-2.jpg
          [2015-11-24 19:10:14 | 000,001,405 | ---- | C] () -- C:\Users\thomas 2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
          [2015-11-24 19:10:14 | 000,001,399 | ---- | C] () -- C:\Users\thomas 2010\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
          [2015-11-23 21:43:51 | 000,002,679 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
          [2015-11-23 19:52:06 | 000,016,303 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
          [2015-11-23 01:54:13 | 000,007,590 | ---- | C] () -- C:\Users\thomas 2010\AppData\Local\resmon.resmoncfg
          [2015-11-22 22:42:16 | 000,001,270 | ---- | C] () -- C:\Users\thomas 2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
          [2014-01-23 17:31:08 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
          [2014-01-23 17:31:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
          [2014-01-23 17:31:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
          [2014-01-23 17:31:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
          [2012-03-23 23:50:21 | 000,002,048 | ---- | C] () -- C:\Users\thomas 2010\AppData\Roaming\The Picture Company Prefs

          ========== ZeroAccess Check ==========

          [2009-07-14 05:42:31 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

          [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

          [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

          [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
          "" = %SystemRoot%\system32\shell32.dll -- [2015-08-06 18:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
          "ThreadingModel" = Apartment

          [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
          "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
          "ThreadingModel" = Free

          [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
          "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
          "ThreadingModel" = Both

          ========== LOP Check ==========

          [2013-10-25 10:30:52 | 000,000,000 | ---D | M] -- C:\Users\thomas 2010\AppData\Roaming\ControlCenter4
          [2015-11-21 19:57:59 | 000,000,000 | ---D | M] -- C:\Users\thomas 2010\AppData\Roaming\HD Tune Pro
          [2012-03-23 23:49:56 | 000,000,000 | ---D | M] -- C:\Users\thomas 2010\AppData\Roaming\The Picture Company
          [2011-05-18 14:59:13 | 000,000,000 | ---D | M] -- C:\Users\thomas 2010\AppData\Roaming\WinBatch

          ========== Purity Check ==========



          < End of report >

          Comment


          • #6
            OTL Extras logfile created on: 8-12-2015 14:51:32 - Run 1
            OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\thomas 2010\Desktop
            Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
            Internet Explorer (Version = 9.11.9600.18097)
            Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

            2,87 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 69,91% Memory free
            5,74 Gb Paging File | 4,44 Gb Available in Paging File | 77,39% Paging File free
            Paging file location(s): ?:\pagefile.sys [binary data]

            %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
            Drive C: | 148,89 Gb Total Space | 61,15 Gb Free Space | 41,07% Space Free | Partition Type: NTFS
            Drive D: | 147,73 Gb Total Space | 121,72 Gb Free Space | 82,39% Space Free | Partition Type: NTFS

            Computer Name: THOMAS-PC | User Name: thomas 2010 | Logged in as Administrator.
            Boot Mode: Normal | Scan Mode: All users | Quick Scan
            Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

            ========== Extra Registry (SafeList) ==========


            ========== File Associations ==========

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
            .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
            .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

            [HKEY_USERS\S-1-5-21-2483101598-1079602934-1415625033-1000\SOFTWARE\Classes\<extension>]
            .html [@ = RocketHTML.DUNESRLCVEXMJDHC53N57ZGKS4] -- Reg Error: Key error. File not found

            ========== Shell Spawning ==========

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
            batfile [open] -- "%1" %*
            cmdfile [open] -- "%1" %*
            comfile [open] -- "%1" %*
            cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
            exefile [open] -- "%1" %*
            helpfile [open] -- Reg Error: Key error.
            hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
            htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
            inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
            piffile [open] -- "%1" %*
            regfile [merge] -- Reg Error: Key error.
            scrfile [config] -- "%1"
            scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
            scrfile [open] -- "%1" /S
            txtfile [edit] -- Reg Error: Key error.
            Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
            Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
            Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
            Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
            Folder [explore] -- Reg Error: Value error.
            Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

            ========== Security Center Settings ==========

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
            "cval" = 1

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
            "VistaSp1" = Reg Error: Unknown registry data type -- File not found
            "AntiVirusOverride" = 0
            "AntiSpywareOverride" = 0
            "FirewallOverride" = 0

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

            ========== Firewall Settings ==========

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
            "DisableNotifications" = 0
            "EnableFirewall" = 1
            "DoNotAllowExceptions" = 0

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
            "DisableNotifications" = 0
            "EnableFirewall" = 1
            "DoNotAllowExceptions" = 0

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
            "DisableNotifications" = 0
            "EnableFirewall" = 1
            "DoNotAllowExceptions" = 0

            ========== Authorized Applications List ==========


            ========== Vista Active Open Ports Exception List ==========

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
            "{01EBE6BB-E204-462F-A677-27EA3D8A3414}" = rport=139 | protocol=6 | dir=out | app=system |
            "{01EE90A0-7008-4CA8-BFE7-DE27DE120DD4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
            "{027B7BC4-6B6B-45A4-BC42-558A0C7834DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
            "{0D26CAD3-6405-48FD-AF9C-7422EB208F84}" = lport=445 | protocol=6 | dir=in | app=system |
            "{10F8E9F3-8505-4A9B-90AD-B675DB6F09B9}" = lport=139 | protocol=6 | dir=in | app=system |
            "{120D13AF-CB4D-4E68-A08C-7DDDD76F2834}" = lport=138 | protocol=17 | dir=in | app=system |
            "{20BE67EE-4CC7-4483-A639-2BFEF400525F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
            "{233F7819-C523-4CCB-BA59-56C0315A249F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
            "{2446FB06-E6FD-4B39-BEE7-59E33FFB7D65}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
            "{3CF72179-0F43-4EA0-ABC3-8D3E8A5C92FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
            "{509CCDE4-343B-427E-AA8B-026BA1393D05}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
            "{585E75F0-1038-4096-85A0-44666B8D6286}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
            "{5BD3AD3C-2836-4798-AAB5-A79C9769F309}" = rport=445 | protocol=6 | dir=out | app=system |
            "{5D2655B6-BD0C-41F9-80FC-693AEFA86DFE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
            "{6F9076F2-D18B-40C3-83C7-955FBBC688B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
            "{7AAFE08D-E1EE-4ECE-A9DF-B9136A5E3467}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
            "{8967BA90-53D8-49EC-95ED-CC01A962EC31}" = lport=10243 | protocol=6 | dir=in | app=system |
            "{8CCB5D46-5E77-4C03-A631-69A201A30B78}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
            "{9DE08DAB-BC5F-4433-A69B-672E9DBB1259}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
            "{9F1CDF1D-FE5C-4880-A538-1E62532B2620}" = lport=2869 | protocol=6 | dir=in | app=system |
            "{A205D608-87D9-453F-982B-93B27F9F954A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
            "{A720E315-0780-47B7-A470-0DF5BC057E18}" = lport=137 | protocol=17 | dir=in | app=system |
            "{B0802C48-DF37-406A-9268-B172902FF73F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
            "{B63A8747-7A5A-4462-9C63-806D0F9D8B09}" = rport=137 | protocol=17 | dir=out | app=system |
            "{B80121DA-D6BF-4034-8360-04FCBEE6850F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
            "{CDC23578-8B63-4964-A8C7-54D2C2271C60}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
            "{DED41DA3-B9DB-4188-8D38-23C9EC2B0146}" = rport=138 | protocol=17 | dir=out | app=system |
            "{E04FCFBD-DB0A-4883-BC6D-388DFA95DD49}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
            "{E3888071-510B-48B9-ADCD-D4AED8BE933A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
            "{ED172CCE-E00C-4F85-9BE3-F3257C63AFD0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
            "{F1FB8369-434D-4A74-81B6-3325AFA8FBF0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
            "{F2097B1B-36DE-432D-80C1-BC3C9F63E5F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
            "{F2BCC399-A908-4289-9526-3D44EEDDB280}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
            "{F76ED9A3-68ED-4187-8269-77BDF330802B}" = rport=10243 | protocol=6 | dir=out | app=system |

            ========== Vista Active Application Exception List ==========

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
            "{011288AA-17E8-40F2-8B51-5B1E2047A90D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
            "{039C8596-DF52-4BE3-B680-B9B3C9418384}" = protocol=58 | dir=in | [email protected],-28545 |
            "{0ADA899D-5BF9-427A-A575-15F2398A2C8D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
            "{1FAEDB95-6F1D-480B-8592-2E389993159F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
            "{494256BD-0DCF-404F-912C-8F057264A3AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
            "{54BF13C1-57E0-44C2-8DF1-E3667EBF9F36}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
            "{6B65EC19-4875-49B1-8646-2A457286D6C1}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
            "{7592CA09-7A68-4909-A279-4BAD544B4939}" = protocol=58 | dir=out | [email protected],-28546 |
            "{7ED6B4E5-BC13-40A1-A19E-4F9110D7C8B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
            "{869EF970-1AF1-45B9-99D7-4D3090758F2F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
            "{8D6EBA6F-3F8D-4F19-9ADF-53055090480C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{8EE5B1CD-622A-43A8-8C18-2A85586420FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
            "{916887F2-3591-4BB4-A251-97B334A3B50A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
            "{92CA7CD1-FBAA-4F99-89ED-F363088A07A2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
            "{97B7D793-F020-4ACC-94E1-C07F7F246B0E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
            "{A336F7C2-D138-49E2-B25D-BF722DE958BD}" = protocol=1 | dir=out | [email protected],-28544 |
            "{B03E6BAC-7948-4F4C-BE7F-02834E2F61F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
            "{C4CD3CFA-54E2-4C04-9D49-0EAA37B5C72F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
            "{D1671FE9-B250-499D-A263-A423976398D9}" = protocol=1 | dir=in | [email protected],-28543 |
            "{D86CAF47-E2A0-43A0-AC20-A7798B662647}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
            "{D9625BD1-1F12-45FB-9DA6-B80FDC5C4C46}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
            "{E2BF7D43-7F8B-4249-98A3-116233C29D6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
            "{ED99A0A3-CD18-4EC1-B754-E82090DAD724}" = protocol=6 | dir=out | app=system |
            "{F0FAE452-3A11-4302-B91B-EC6E9532D669}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
            "{F36B6779-CD8E-4224-858B-08E22E42DA16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
            "{F90F7D9A-47D1-4EEC-AA4F-5CFF2BC89583}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
            "TCP Query User{48F43B61-9E5C-4BF8-A7DB-3A8D1589E3DA}C:\program files\panda security\panda internet security 2012\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files\panda security\panda internet security 2012\apvxdwin.exe |
            "UDP Query User{19EA48A8-6F45-420C-B671-78F510F0ABA6}C:\program files\panda security\panda internet security 2012\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files\panda security\panda internet security 2012\apvxdwin.exe |

            ========== HKEY_LOCAL_MACHINE Uninstall List ==========

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
            "{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
            "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
            "{2FF959E3-FFE4-46C4-96DA-03F26BCFEFCC}" = Brother MFL-Pro Suite DCP-J140W
            "{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2
            "{4DC59BF3-0D72-3CE8-BFEF-1E8FAF689EB0}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
            "{5b07d59f-99e0-4c52-ad25-965f7e38d6ac}" = Avira Launcher
            "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
            "{6A0549A9-1B96-498C-ACBC-3943001FEB19}" = Skype™ 7.14
            "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
            "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
            "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
            "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
            "{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
            "{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
            "{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
            "{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
            "{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
            "{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
            "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
            "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
            "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
            "{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
            "{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
            "{90140000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010
            "{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
            "{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
            "{90140000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010
            "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
            "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
            "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043" = Microsoft .NET Framework 4.5.2 (Nederlands)
            "{95140000-0081-0413-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
            "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
            "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
            "{9D67E683-1144-4C0C-A9F3-5171F7678FF3}" = Avira Launcher
            "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
            "{AC76BA86-0804-1033-1959-001824161310}" = Adobe Refresh Manager
            "{AC76BA86-7AD7-1043-7B44-AB0000000001}" = Adobe Reader XI (11.0.13) - Nederlands
            "{D4EE62A5-B4BC-3C6C-9CF9-083AFC45F201}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD
            "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
            "{EF4AD932-A4FB-481F-97C7-7CCAD7E3ADFF}" = ACSI Camp Site Guide Europe 2008
            "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
            "{F9062696-5B87-39CC-90CE-DA256689262D}" = Microsoft .NET Framework 4.5.2 (NLD)
            "{FBA71ADC-C8B7-4635-889B-773AC7B18470}" = ACSI Camp Site Guide Europe 2009
            "Adobe Flash Player ActiveX" = Adobe Flash Player 19 ActiveX
            "Avira Antivirus" = Avira Antivirus
            "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
            "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
            "Google Chrome" = Google Chrome
            "HD Tune Pro_is1" = HD Tune Pro 5.60
            "InstallShield_{EF4AD932-A4FB-481F-97C7-7CCAD7E3ADFF}" = ACSI Camp Site Guide Europe 2008
            "InstallShield_{FBA71ADC-C8B7-4635-889B-773AC7B18470}" = ACSI Camp Site Guide Europe 2009
            "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
            "Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD" = Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - NLD
            "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
            "PC Wizard 2010_is1" = PC Wizard 2010.1.96
            "Picasa 3" = Picasa 3
            "SynTPDeinstKey" = Synaptics Pointing Device Driver

            ========== HKEY_USERS Uninstall List ==========

            [HKEY_USERS\S-1-5-21-2483101598-1079602934-1415625033-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
            "{B7961CCE-CF36-4858-BC1A-D06D3D25ECE5}_is1" = Albelli Fotoboeken

            ========== Last 20 Event Log Errors ==========

            [ Application Events ]
            Error - 8-12-2015 9:51:28 | Computer Name = thomas-PC | Source = Brother BrLog | ID = 1001
            Description = STI BrtSTI: [2015/12/08 14:51:28.348]: [00001892]: SendSKeySettingToDevice::
            Snmp Load Error[-1] To[192.168.1.102]

            Error - 8-12-2015 9:52:37 | Computer Name = thomas-PC | Source = Brother BrLog | ID = 1001
            Description = STI BrtSTI: [2015/12/08 14:52:37.503]: [00001892]: SendSKeySettingToDevice::
            Snmp Load Error[-1] To[192.168.1.102]

            Error - 8-12-2015 9:53:48 | Computer Name = thomas-PC | Source = Brother BrLog | ID = 1001
            Description = STI BrtSTI: [2015/12/08 14:53:48.343]: [00001892]: SendSKeySettingToDevice::
            Snmp Load Error[-1] To[192.168.1.102]

            Error - 8-12-2015 9:54:57 | Computer Name = thomas-PC | Source = Brother BrLog | ID = 1001
            Description = STI BrtSTI: [2015/12/08 14:54:57.498]: [00001892]: SendSKeySettingToDevice::
            Snmp Load Error[-1] To[192.168.1.102]

            Error - 8-12-2015 9:56:07 | Computer Name = thomas-PC | Source = Brother BrLog | ID = 1001
            Description = STI BrtSTI: [2015/12/08 14:56:07.354]: [00001892]: SendSKeySettingToDevice::
            Snmp Load Error[-1] To[192.168.1.102]

            Error - 8-12-2015 9:57:17 | Computer Name = thomas-PC | Source = Brother BrLog | ID = 1001
            Description = STI BrtSTI: [2015/12/08 14:57:17.352]: [00001892]: SendSKeySettingToDevice::
            Snmp Load Error[-1] To[192.168.1.102]

            Error - 8-12-2015 9:58:27 | Computer Name = thomas-PC | Source = Brother BrLog | ID = 1001
            Description = STI BrtSTI: [2015/12/08 14:58:27.350]: [00001892]: SendSKeySettingToDevice::
            Snmp Load Error[-1] To[192.168.1.102]

            Error - 8-12-2015 9:59:36 | Computer Name = thomas-PC | Source = Brother BrLog | ID = 1001
            Description = STI BrtSTI: [2015/12/08 14:59:36.505]: [00001892]: SendSKeySettingToDevice::
            Snmp Load Error[-1] To[192.168.1.102]

            Error - 8-12-2015 10:00:45 | Computer Name = thomas-PC | Source = Brother BrLog | ID = 1001
            Description = STI BrtSTI: [2015/12/08 15:00:45.660]: [00001892]: SendSKeySettingToDevice::
            Snmp Load Error[-1] To[192.168.1.102]

            Error - 8-12-2015 10:01:55 | Computer Name = thomas-PC | Source = Brother BrLog | ID = 1001
            Description = STI BrtSTI: [2015/12/08 15:01:55.361]: [00001892]: SendSKeySettingToDevice::
            Snmp Load Error[-1] To[192.168.1.102]

            [ Media Center Events ]
            Error - 15-12-2014 9:48:35 | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
            Description = 14:48:29 - Kan Broadband niet ophalen (Fout: Kan geen verbinding met
            de externe server maken)

            Error - 16-12-2014 5:26:55 | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
            Description = 10:26:55 - Kan MCEClientUX niet ophalen (Fout: Kan geen verbinding
            met de externe server maken)

            Error - 16-12-2014 7:59:04 | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
            Description = 12:58:46 - Kan MCEClientUX niet ophalen (Fout: Kan geen verbinding
            met de externe server maken)

            Error - 16-12-2014 11:07:57 | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
            Description = 16:07:39 - Kan MCEClientUX niet ophalen (Fout: Kan geen verbinding
            met de externe server maken)

            Error - 17-12-2014 10:04:34 | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
            Description = 15:04:32 - Kan MCEClientUX niet ophalen (Fout: Kan geen verbinding
            met de externe server maken)

            Error - 17-12-2014 16:43:42 | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
            Description = 21:43:31 - Kan MCEClientUX niet ophalen (Fout: Kan geen verbinding
            met de externe server maken)

            Error - 5-1-2015 6:24:35 | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
            Description = 11:24:34 - Kan Directory niet ophalen (Fout: Kan geen verbinding met
            de externe server maken)

            Error - 8-1-2015 7:35:23 | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
            Description = 12:35:22 - Kan MCEClientUX niet ophalen (Fout: Kan geen verbinding
            met de externe server maken)

            Error - 10-1-2015 16:13:40 | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
            Description = 21:13:37 - Kan MCESpotlight niet ophalen (Fout: Kan geen verbinding
            met de externe server maken)

            Error - 15-1-2015 4:25:25 | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
            Description = 9:25:02 - Fout bij verbinden met internet. 9:25:03 - Kan geen contact
            maken met server..

            [ System Events ]
            Error - 7-12-2015 14:47:50 | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7030
            Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
            Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
            toegestaan. Deze service werkt mogelijk niet juist.

            Error - 7-12-2015 14:47:51 | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7030
            Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
            Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
            toegestaan. Deze service werkt mogelijk niet juist.

            Error - 7-12-2015 14:47:51 | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7030
            Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
            Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
            toegestaan. Deze service werkt mogelijk niet juist.

            Error - 7-12-2015 14:47:52 | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7030
            Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
            Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
            toegestaan. Deze service werkt mogelijk niet juist.

            Error - 7-12-2015 14:51:19 | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7000
            Description = De PCASp50 NDIS Protocol Driver-service kan vanwege de volgende fout
            niet worden gestart: %%2

            Error - 7-12-2015 14:52:24 | Computer Name = thomas-PC | Source = DCOM | ID = 10016
            Description =

            Error - 7-12-2015 14:52:36 | Computer Name = thomas-PC | Source = DCOM | ID = 10016
            Description =

            Error - 7-12-2015 18:42:43 | Computer Name = thomas-PC | Source = Schannel | ID = 36888
            Description = De volgende melding van een onherstelbare fout is gegenereerd: 10.
            De interne foutstatus is 10.

            Error - 7-12-2015 18:42:43 | Computer Name = thomas-PC | Source = Schannel | ID = 36888
            Description = De volgende melding van een onherstelbare fout is gegenereerd: 10.
            De interne foutstatus is 10.

            Error - 7-12-2015 18:42:43 | Computer Name = thomas-PC | Source = Schannel | ID = 36888
            Description = De volgende melding van een onherstelbare fout is gegenereerd: 10.
            De interne foutstatus is 10.


            < End of report >

            Comment


            • #7
              Ik geloof niet dat ik nog adware oid zie.

              Start OTL
              • Plak het volgende onder Custom Scans/Fixes


                :Commands
                [createrestorepoint]

                :OTL

                :Services

                :Reg

                :Files
                ipconfig /flushdns /c

                :Commands
                [purity]
                [resethosts]
                [emptytemp]
                [emptyflash]

                [reboot]
              • Klik daarna bovenaan op de knop Run Fix
              • Laat het programma ongestoord zijn werk doen. De pc zal na afloop opnieuw opgestart worden.

              Windows 10 opstarten in Veilige Modus

              Comment


              • #8
                Ga ik zo doen.

                Eerst even vertellen dat ik IE nu wat intensiever heb gebruikt, en heel af en toe pop-ups ben tegen gekomen die ik niet gewend ben. Probleem is dat ik nooit surf met IE, ik zelf gebruik Firefox, dus hoe vaak zie je dat bij een normaal gebruik van IE.

                Comment


                • #9
                  Tijdens de run van het script kwam de volgende fout:

                  avgnt.exe - Toepasssingsfout
                  De instructie op 0x650fec03 verwijst naar geheugen op 0x00000020.
                  Een lees- of schrijfbewerking op het geheugen is mislukt: read



                  Dit log popte op na herstart wat nog wel door OTL gevraagd werd, het processorgedrag is hetzelfde.:

                  88888888888888888888888888888888888888888888

                  All processes killed
                  ========== COMMANDS ==========
                  Restore point Set: OTL Restore Point
                  Error: Unable to interpret < :OTL> in the current context!
                  Error: Unable to interpret < :Services> in the current context!
                  Error: Unable to interpret < :Reg> in the current context!
                  Error: Unable to interpret < :Files> in the current context!
                  Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
                  Error: Unable to interpret < :Commands> in the current context!
                  File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
                  Error: Unble to create default HOSTS file!

                  [EMPTYTEMP]

                  User: All Users

                  User: Default
                  ->Temp folder emptied: 0 bytes
                  ->Temporary Internet Files folder emptied: 0 bytes

                  User: Default User
                  ->Temp folder emptied: 0 bytes
                  ->Temporary Internet Files folder emptied: 0 bytes

                  User: Public

                  User: test

                  User: thomas 2010
                  ->Temp folder emptied: 245417 bytes
                  ->Temporary Internet Files folder emptied: 374774871 bytes
                  ->Java cache emptied: 8196 bytes
                  ->Google Chrome cache emptied: 0 bytes
                  ->Flash cache emptied: 824 bytes

                  %systemdrive% .tmp files removed: 0 bytes
                  %systemroot% .tmp files removed: 0 bytes
                  %systemroot%\System32 .tmp files removed: 0 bytes
                  %systemroot%\System32\drivers .tmp files removed: 0 bytes
                  Windows Temp folder emptied: 0 bytes
                  RecycleBin emptied: 41883951 bytes

                  Total Files Cleaned = 398,00 mb


                  [EMPTYFLASH]

                  User: All Users

                  User: Default

                  User: Default User

                  User: Public

                  User: test

                  User: thomas 2010
                  ->Flash cache emptied: 0 bytes

                  Total Flash Files Cleaned = 0,00 mb


                  OTL by OldTimer - Version 3.2.69.0 log created on 12082015_165544

                  Files\Folders moved on Reboot...
                  File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
                  C:\Users\thomas 2010\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll moved successfully.
                  C:\Users\thomas 2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
                  C:\Users\thomas 2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

                  PendingFileRenameOperations files...

                  Registry entries deleted on Reboot...
                  Last edited by erikdenhouter; 08-12-15, 16:41.

                  Comment


                  • #10
                    Is het nu beter intussen.

                    Die popups is dat reclame die door ad-blocker te vermijden is ?

                    Windows 10 opstarten in Veilige Modus

                    Comment


                    • #11
                      Gedrag is nog te stroperig, en processor raast echt veel te hoog. Hier gelijk na boot:
                      Click image for larger version

Name:	Processor_Avira-3.jpg
Views:	1
Size:	268,6 KB
ID:	1068590
                      De blauwe lijn is het totaal van twee kernen.

                      Naast de draadloze verbinding in het netwerkoverzicht staat er ook een 'draadloze verbinding 3' waar ik de herkomst niet van ken. Er staat alleen dat er geen verbinding met deze adapter is, maar hoe hem te verwijderen weet ik niet. Wel heb ik drie niet gebruikte draadloze adapters bij de software moeten verwijderen, want dat waren korte experimentjes van mijn broer om zijn verbinding te verbeteren. Hij heeft waarschijnlijk een paar USB adapters ingeprikt en geprobeerd.
                      Ik heb alleen niet de indruk dat dat de oorzaak zal zijn van die processor activiteit.
                      Last edited by erikdenhouter; 08-12-15, 18:41.

                      Comment


                      • #12
                        Wil je de modem eens resetten door de stroom eraf te halen voor minstens 30 seconden, laat hem dan opstarten zonder verbinding met de computer(s). Als hij klaar is met opstarten kan je de computer ( de hoofdcomputer) weer aansluiten.

                        Windows 10 opstarten in Veilige Modus

                        Comment


                        • #13
                          Ik zit al een tijdje off-line te proberen, schakelaar wireless adapter staat uit, kabel er uit.
                          Toch die activiteit.
                          Ben nu services via msconfig aan het elimineren, en kwam voor een deel flinke activiteit tegen (spikes met die frequentie van 10 sec.) van Avira Service Host. Verklaart niet alles, maar wel die frequentie, en onrust.

                          Comment


                          • #14
                            Probeer het eens helemaal te verwijderen, je kan hem altijd weer installeren.



                            1. Ga naar start>configuratiescherm>software of programma's en onderdelen en verwijder daar Avira.
                            2. Volg hierna de onderstaande instructies.


                            1. Download Uninstallation package for Windows NT, 2000 and XP naar het bureaublad.
                            2. Download Avira AntiVir RegistryCleaner naar het bureaublad.

                            • Pak de beide "ZIP" bestanden uit op het bureaublad.
                            • Start de computer op in de veilige modus (klik)
                            • Dubbelklik op "AVUNINST.exe" om de uninstall tool te starten.
                            • Verwijder Avira volgens de instrucites.
                            • Dubbelklik op "Avira_RegistryCleaner.exe" om de registry cleaner zijn werk te laten doen.
                            • Herstart de computer.




                            Kijk even of de computer nu wel netjes draait.

                            Zo ja, kan je Avira weer installeren.

                            Windows 10 opstarten in Veilige Modus

                            Comment


                            • #15
                              En lukt het ?

                              Windows 10 opstarten in Veilige Modus

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X