info.txt logfile of random's system information tool 1.10 2015-01-13 22:30:54 ======MBR====== 0x33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CBFBB90400BDBE07807E00007C0B0F850E0183C510E2F1CD1888560055C6461105C6461000B441BBAA55CD135D720F81FB55AA7509F7C101007403FE46106660807E1000742666680000000066FF760868000068007C680100681000B4428A56008BF4CD139F83C4109EEB14B80102BB007C8A56008A76018A4E028A6E03CD136661731CFE4E11750C807E00800F848A00B280EB845532E48A5600CD135DEB9E813EFE7D55AA756EFF7600E88D007517FAB0D1E664E88300B0DFE660E87C00B0FFE664E87500FBB800BBCD1A6623C0753B6681FB54435041753281F90201722C666807BB00006668000200006668080000006653665366556668000000006668007C0000666168000007CD1A5A32F6EA007C0000CD18A0B707EB08A0B607EB03A0B50732E40500078BF0AC3C007409BB0700B40ECD10EBF2F4EBFD2BC9E464EB002402E0F82402C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D000000637B9A4643A36E000080DF140C07FEFFFF0028030000E0310C00FEFFFF07FEFFFF0008350C0050032E000000000000000000000000000000000000000000000000000000000000000055AA ======Uninstall list====== -->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{24A01CE6-5F9A-4ED3-ADA2-3027187D8928}" "1043" "0" -->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{78D4F720-6555-486E-9242-25CEC996BFEA}" "1043" "0" Acronis True Image 2014-->MsiExec.exe /X{75C8A4FB-6949-48CA-A1FF-6A60F61D8B88} Adobe Creative Cloud-->"C:\Program Files\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe" Adobe Flash Player 15 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe -maintain activex Adobe Flash Player 15 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe -maintain plugin Adobe Shockwave Player 12.0-->MsiExec.exe /X{9A3AB849-5758-4C2D-88FD-92FC880AE9F6} Avast Free Antivirus-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel /instop:uninstall CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Combined Community Codec Pack 2013-11-27-->"C:\Program Files\Combined Community Codec Pack\unins000.exe" CorelDRAW Graphics Suite X6 - IPM-->MsiExec.exe /I{0084B0C3-F376-42E3-804A-885D249282BD} CorelDRAW Graphics Suite X6 - Writing Tools-->MsiExec.exe /I{318FF3D7-0C40-483B-AF92-AF36416B0AC6} CorelDRAW Graphics Suite X6-->c:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\SetupARP.exe /arp Definition Update for Microsoft Office 2013 (KB2910926) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{47538089-58B5-4734-9F82-E5F942AD20CB}" "1043" "0" Epson Event Manager-->MsiExec.exe /X{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B} EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r EPSON XP-215 217 Series Printer Uninstall-->C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSLGE.EXE /R /APD /P:"EPSON XP-215 217 Series" Foxit Cloud-->"C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\unins000.exe" Foxit Reader-->"C:\Program Files\Foxit Software\Foxit Reader\unins000.exe" Google Drive-->MsiExec.exe /X{C60F3836-333A-4AE2-B526-CFDBA143A9BA} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT="" Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall Java 7 Update 67-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217045FF} Laptop Integrated Webcam Driver (1.03.01.1011) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM004.uns -plugin OEM04Pin.dll -pluginres OEM04Pin.crl -nodisconprompt -langid 0x0413 Malwarebytes Anti-Malware versie 2.0.4.1028-->"C:\Program Files\Malwarebytes Anti-Malware\unins000.exe" Microsoft .NET Framework 4.5.1 (Nederlands)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\NLD\\Setup.exe /repair /x86 /lcid 1043 Microsoft .NET Framework 4.5.1 (NLD)-->MsiExec.exe /X{1A91D86E-3124-3574-A4BF-406761265CFA} Microsoft .NET Framework 4.5.1-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\\Setup.exe /repair /x86 Microsoft .NET Framework 4.5.1-->MsiExec.exe /X{4903D172-DCCB-392F-93A3-34CA9D47FE3D} Microsoft Access MUI (Dutch) 2013-->MsiExec.exe /X{90150000-0015-0413-0000-0000000FF1CE} Microsoft DCF MUI (Dutch) 2013-->MsiExec.exe /X{90150000-0090-0413-0000-0000000FF1CE} Microsoft Excel MUI (Dutch) 2013-->MsiExec.exe /X{90150000-0016-0413-0000-0000000FF1CE} Microsoft Groove MUI (Dutch) 2013-->MsiExec.exe /X{90150000-00BA-0413-0000-0000000FF1CE} Microsoft InfoPath MUI (Dutch) 2013-->MsiExec.exe /X{90150000-0044-0413-0000-0000000FF1CE} Microsoft Lync MUI (Dutch) 2013-->MsiExec.exe /X{90150000-012B-0413-0000-0000000FF1CE} Microsoft Office Korrekturhilfen 2013 - Deutsch-->MsiExec.exe /X{90150000-001F-0407-0000-0000000FF1CE} Microsoft Office OSM MUI (Dutch) 2013-->MsiExec.exe /X{90150000-00E1-0413-0000-0000000FF1CE} Microsoft Office OSM UX MUI (Dutch) 2013-->MsiExec.exe /X{90150000-00E2-0413-0000-0000000FF1CE} Microsoft Office Professional Plus 2013-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL Microsoft Office Professional Plus 2013-->MsiExec.exe /X{91150000-0011-0000-0000-0000000FF1CE} Microsoft Office Proofing (Dutch) 2013-->MsiExec.exe /X{90150000-002C-0413-0000-0000000FF1CE} Microsoft Office Proofing Tools 2013 - English-->MsiExec.exe /X{90150000-001F-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2013 - Nederlands-->MsiExec.exe /X{90150000-001F-0413-0000-0000000FF1CE} Microsoft Office Shared MUI (Dutch) 2013-->MsiExec.exe /X{90150000-006E-0413-0000-0000000FF1CE} Microsoft OneNote MUI (Dutch) 2013-->MsiExec.exe /X{90150000-00A1-0413-0000-0000000FF1CE} Microsoft Outlook MUI (Dutch) 2013-->MsiExec.exe /X{90150000-001A-0413-0000-0000000FF1CE} Microsoft PowerPoint MUI (Dutch) 2013-->MsiExec.exe /X{90150000-0018-0413-0000-0000000FF1CE} Microsoft Publisher MUI (Dutch) 2013-->MsiExec.exe /X{90150000-0019-0413-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual Basic for Applications 7.1 (x86) Dutch-->MsiExec.exe /I{78AEA60C-F69B-48B9-813A-D1CB57091E46} Microsoft Visual Basic for Applications 7.1 (x86) English-->MsiExec.exe /I{BAB89D31-4C55-472B-8909-6CBE2CC276B1} Microsoft Visual Basic for Applications 7.1 (x86)-->MsiExec.exe /I{90120000-0070-0000-0000-4000000FF1CE} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030-->"C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /uninstall Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030-->MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9} Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} Microsoft Visual Studio Tools for Applications 2.0 - ENU-->MsiExec.exe /X{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} Microsoft Visual Studio Tools for Applications 2.0 Runtime-->MsiExec.exe /X{299C0434-4F4E-341F-A916-4E07AEB35E79} Microsoft Word MUI (Dutch) 2013-->MsiExec.exe /X{90150000-001B-0413-0000-0000000FF1CE} Mozilla Firefox 34.0 (x86 nl)-->"C:\Program Files\Mozilla Firefox\uninstall\helper.exe" Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe" Nero Burning Core-->MsiExec.exe /X{B166374C-105E-445E-8E5D-A86CA5742645} Nero Burning ROM 2014-->MsiExec.exe /I{DEBA969E-2E0A-431B-8F81-E651C6C0F852} Nero Burning ROM Help (CHM)-->MsiExec.exe /X{FA78CC15-9F90-443B-BA61-A66595F06432} Nero Burning ROM-->MsiExec.exe /X{F2B9C8D6-C69C-4BA7-95D2-66F1C68D15DA} Nero ControlCenter Help (CHM)-->MsiExec.exe /X{CDFE8F95-F80F-4115-9C3F-0E1FD8F9F58C} Nero ControlCenter-->MsiExec.exe /X{ABC88553-8770-4B97-B43E-5A90647A5B63} Nero Core Components-->MsiExec.exe /X{BEBEE34D-84A2-4EDD-8BEA-96CC54371263} Nero SharedVideoCodecs-->MsiExec.exe /X{2432E589-6256-4513-B0BF-EFA8E325D5F0} Nero Update-->MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A} Outils de vérification linguistique 2013 de Microsoft Office - Français-->MsiExec.exe /X{90150000-001F-040C-0000-0000000FF1CE} Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe" Revo Uninstaller 1.95-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {1531A92E-2552-384F-B942-06A5D18DFA13} Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {8086EDC0-3409-3560-B108-44FC46882443} Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {FED9B2BC-E6D7-3409-B4C9-99AF8AC65725} Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {054F96E9-E89B-3DDB-AA70-A65194B921B4} Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {CBD8D84A-257A-3A60-9819-5DF166F9CD25} Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {4DC3F78D-5CCF-37B9-9A05-EDDC456F4F20} Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {00BE0B8D-C610-34AA-ABD1-EE023DA39E5D} Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {1863F765-CBE8-3EB3-B434-CA6B6DF2561E} Security Update for Microsoft Excel 2013 (KB2910929) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0016-0413-0000-0000000FF1CE}" "{31738D16-8721-41FD-A2D2-361842AEC8D1}" "1043" "0" Security Update for Microsoft Excel 2013 (KB2910929) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0018-0413-0000-0000000FF1CE}" "{31738D16-8721-41FD-A2D2-361842AEC8D1}" "1043" "0" Security Update for Microsoft Excel 2013 (KB2910929) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0413-0000-0000000FF1CE}" "{31738D16-8721-41FD-A2D2-361842AEC8D1}" "1043" "0" Security Update for Microsoft Excel 2013 (KB2910929) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0413-0000-0000000FF1CE}" "{31738D16-8721-41FD-A2D2-361842AEC8D1}" "1043" "0" Security Update for Microsoft Excel 2013 (KB2910929) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{31738D16-8721-41FD-A2D2-361842AEC8D1}" "1043" "0" Security Update for Microsoft Office 2013 (KB2726958) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0413-0000-0000000FF1CE}" "{DFA3708C-C837-42C3-85AF-41E39CD1E0E9}" "1043" "0" Security Update for Microsoft Office 2013 (KB2726958) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{DFA3708C-C837-42C3-85AF-41E39CD1E0E9}" "1043" "0" Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{90E7A66B-723D-4790-824A-6E4EEC0C2CBA}" "1043" "0" Security Update for Microsoft Word 2013 (KB2910916) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001A-0413-0000-0000000FF1CE}" "{9C6E2EF9-09CF-4ADE-94E9-57D2EA985335}" "1043" "0" Security Update for Microsoft Word 2013 (KB2910916) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0413-0000-0000000FF1CE}" "{9C6E2EF9-09CF-4ADE-94E9-57D2EA985335}" "1043" "0" Security Update for Microsoft Word 2013 (KB2910916) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-012B-0413-0000-0000000FF1CE}" "{9C6E2EF9-09CF-4ADE-94E9-57D2EA985335}" "1043" "0" Security Update for Microsoft Word 2013 (KB2910916) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{9C6E2EF9-09CF-4ADE-94E9-57D2EA985335}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0015-0413-0000-0000000FF1CE}" "{7675520D-65AA-4A7A-8967-4DCE7BF6D741}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0016-0413-0000-0000000FF1CE}" "{7675520D-65AA-4A7A-8967-4DCE7BF6D741}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0018-0413-0000-0000000FF1CE}" "{7675520D-65AA-4A7A-8967-4DCE7BF6D741}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0019-0413-0000-0000000FF1CE}" "{7675520D-65AA-4A7A-8967-4DCE7BF6D741}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001A-0413-0000-0000000FF1CE}" "{7675520D-65AA-4A7A-8967-4DCE7BF6D741}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0413-0000-0000000FF1CE}" "{7675520D-65AA-4A7A-8967-4DCE7BF6D741}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0407-0000-0000000FF1CE}" "{55A588B8-2D30-4B60-AB09-5DB57C592B81}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0409-0000-0000000FF1CE}" "{1F79A96A-2A70-45B3-8A5C-79DA61952879}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-040C-0000-0000000FF1CE}" "{9BB6CB7C-80E3-4F73-8A82-E3D88A3721BE}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0413-0000-0000000FF1CE}" "{33ADBDF0-040B-4375-8303-0634AB069C5E}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-002C-0413-0000-0000000FF1CE}" "{D09BBA55-7F7F-472A-B98D-2582E714A879}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0044-0413-0000-0000000FF1CE}" "{7675520D-65AA-4A7A-8967-4DCE7BF6D741}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0413-0000-0000000FF1CE}" "{39B343EA-68AA-49BD-980D-931622806870}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0090-0413-0000-0000000FF1CE}" "{7675520D-65AA-4A7A-8967-4DCE7BF6D741}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00A1-0413-0000-0000000FF1CE}" "{7675520D-65AA-4A7A-8967-4DCE7BF6D741}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00BA-0413-0000-0000000FF1CE}" "{7675520D-65AA-4A7A-8967-4DCE7BF6D741}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00E1-0413-0000-0000000FF1CE}" "{7675520D-65AA-4A7A-8967-4DCE7BF6D741}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00E2-0413-0000-0000000FF1CE}" "{7675520D-65AA-4A7A-8967-4DCE7BF6D741}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-012B-0413-0000-0000000FF1CE}" "{7675520D-65AA-4A7A-8967-4DCE7BF6D741}" "1043" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}" "1043" "0" Software Updater-->MsiExec.exe /X{B307472F-7BD9-4040-9255-CE6D6A1196A3} SpyHunter 4-->C:\Users\Izzy\AppData\Roaming\Enigma Software Group\sh_installer.exe -r sh Update for Microsoft Access 2013 (KB2863859) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0015-0413-0000-0000000FF1CE}" "{E46B7A4D-49AC-4339-9D65-22618C8121DA}" "1043" "0" Update for Microsoft Access 2013 (KB2863859) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{E46B7A4D-49AC-4339-9D65-22618C8121DA}" "1043" "0" Update for Microsoft Lync 2013 (KB2881083) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-012B-0413-0000-0000000FF1CE}" "{4642F740-7617-4526-90FB-C45C1B126FF0}" "1043" "0" Update for Microsoft Lync 2013 (KB2910927) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-012B-0413-0000-0000000FF1CE}" "{A10D670F-5DD5-414E-8BAE-002D82F5E554}" "1043" "0" Update for Microsoft Lync 2013 (KB2910927) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{A10D670F-5DD5-414E-8BAE-002D82F5E554}" "1043" "0" Update for Microsoft Office 2013 (KB2760249) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{8C07AD38-38EB-4332-BCB3-F55A77C927DF}" "1043" "0" Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}" "1043" "0" Update for Microsoft Office 2013 (KB2760371) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{FFF87DE6-6602-4F65-BD75-D481E0539DCD}" "1043" "0" Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{45B7D395-EB9B-414F-9E46-5849B42326E2}" "1043" "0" Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{66421820-D3CA-450A-898C-78D7E40108E6}" "1043" "0" Update for Microsoft Office 2013 (KB2837654) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{6D771289-E5A7-442F-82B5-5EC4217AEF03}" "1043" "0" Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{AD7045B8-1D75-4B4C-8120-12F045D206C7}" "1043" "0" Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}" "1043" "0" Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{31849233-AD8B-42D7-9AE1-74C79C8E8C03}" "1043" "0" Update for Microsoft Office 2013 (KB2881008) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0413-0000-0000000FF1CE}" "{F5947EDE-072C-4150-9EE3-3AFDD8618458}" "1043" "0" Update for Microsoft Office 2013 (KB2881008) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{F5947EDE-072C-4150-9EE3-3AFDD8618458}" "1043" "0" Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0016-0413-0000-0000000FF1CE}" "{01B80B63-C638-4004-9148-75B8C8518B1E}" "1043" "0" Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{01B80B63-C638-4004-9148-75B8C8518B1E}" "1043" "0" Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{B8E73381-09B1-4895-ACD0-34385B0F526D}" "1043" "0" Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{1C6260FD-A280-49FE-89D0-CCEC647FBD8E}" "1043" "0" Update for Microsoft Office 2013 (KB2883095) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{7A9AB1AE-98B5-4B45-86B8-33A7B946D7CA}" "1043" "0" Update for Microsoft Office 2013 (KB2889858) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{202F6657-15AD-4EAC-B922-24A46D6D7DA3}" "1043" "0" Update for Microsoft Office 2013 (KB2889938) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{6A5A7699-2234-4983-B8C9-643EF9F1CD95}" "1043" "0" Update for Microsoft Office 2013 (KB2899498) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0016-0413-0000-0000000FF1CE}" "{E4046E6A-999E-45AE-8348-C76677AD0016}" "1043" "0" Update for Microsoft Office 2013 (KB2899498) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{E4046E6A-999E-45AE-8348-C76677AD0016}" "1043" "0" Update for Microsoft Office 2013 (KB2899501) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{7CA9C76C-0CC2-4800-A1E1-1CA9F3FD8595}" "1043" "0" Update for Microsoft Office 2013 (KB2899505) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{D62D90F6-AEA1-4D5F-AF4D-9CBDB427EE32}" "1043" "0" Update for Microsoft Office 2013 (KB2899522) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{87F6726E-6F99-42F0-8E11-55D798E57DD5}" "1043" "0" Update for Microsoft Office 2013 (KB2910922) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0407-0000-0000000FF1CE}" "{0EE2F8B2-262E-426E-9D29-D4B271066CCC}" "1043" "0" Update for Microsoft Office 2013 (KB2910922) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0409-0000-0000000FF1CE}" "{042AAB16-8C59-4F9A-9462-F084C27F2AFC}" "1043" "0" Update for Microsoft Office 2013 (KB2910922) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-040C-0000-0000000FF1CE}" "{9563A879-05D5-4B0C-9E1E-B04A215AB1EB}" "1043" "0" Update for Microsoft Office 2013 (KB2910922) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0413-0000-0000000FF1CE}" "{4182C12B-B429-4B3E-80F4-3E461C275556}" "1043" "0" Update for Microsoft Office 2013 (KB2910931) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{6C9BAEFB-B117-4BE3-BC1F-50089183F6BB}" "1043" "0" Update for Microsoft Office 2013 (KB2920734) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0413-0000-0000000FF1CE}" "{35E324C9-A8DE-481E-BAE0-6CA6718A0430}" "1043" "0" Update for Microsoft Office 2013 (KB2920734) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{35E324C9-A8DE-481E-BAE0-6CA6718A0430}" "1043" "0" Update for Microsoft OneDrive for Business (KB2910935) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00BA-0413-0000-0000000FF1CE}" "{6D39C662-E6C2-4AC4-B7D8-24C628A1630F}" "1043" "0" Update for Microsoft OneDrive for Business (KB2910935) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{6D39C662-E6C2-4AC4-B7D8-24C628A1630F}" "1043" "0" Update for Microsoft OneNote 2013 (KB2899502) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00A1-0413-0000-0000000FF1CE}" "{ED32A190-6300-4146-9548-4B005A31B5DD}" "1043" "0" Update for Microsoft OneNote 2013 (KB2899502) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{ED32A190-6300-4146-9548-4B005A31B5DD}" "1043" "0" Update for Microsoft Outlook 2013 (KB2899504) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001A-0413-0000-0000000FF1CE}" "{CEE35FF1-A822-452F-97F1-B43BD380A83C}" "1043" "0" Update for Microsoft Outlook 2013 (KB2899504) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{CEE35FF1-A822-452F-97F1-B43BD380A83C}" "1043" "0" Update for Microsoft PowerPoint 2013 (KB2910907) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0018-0413-0000-0000000FF1CE}" "{C2D61CB7-DC69-40CB-8B8C-C44E391BB45C}" "1043" "0" Update for Microsoft PowerPoint 2013 (KB2910907) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{C2D61CB7-DC69-40CB-8B8C-C44E391BB45C}" "1043" "0" Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0019-0413-0000-0000000FF1CE}" "{7500AD77-83C6-400B-8B2F-F8E401A7B697}" "1043" "0" Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{7500AD77-83C6-400B-8B2F-F8E401A7B697}" "1043" "0" Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0413-0000-0000000FF1CE}" "{25C61889-2E44-4BE1-9E96-9364BFDCF501}" "1043" "0" Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{25C61889-2E44-4BE1-9E96-9364BFDCF501}" "1043" "0" Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{91150000-0011-0000-0000-0000000FF1CE}" "{A7CD05CC-CA85-428C-91FD-74A908D126E1}" "1043" "0" VLC media player 2.1.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe WinRAR 5.00 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe ======Hosts File====== 127.0.0.1 activation.acronis.com ======System event log====== Computer Name: WIN-3KUSKQRNN31 Event Code: 7040 Message: Het opstarttype van de service Windows Search is gewijzigd van automatisch starten in uitgeschakeld. Record Number: 2185 Source Name: Service Control Manager Time Written: 20131130213606.667165-000 Event Type: Informatie User: Computer Name: WIN-3KUSKQRNN31 Event Code: 7036 Message: De Application Experience-service heeft nu de status wordt uitgevoerd. Record Number: 2184 Source Name: Service Control Manager Time Written: 20131130213600.021553-000 Event Type: Informatie User: Computer Name: WIN-3KUSKQRNN31 Event Code: 104 Message: Logboekbestand Setup is gewist. Record Number: 2183 Source Name: Microsoft-Windows-Eventlog Time Written: 20131130213601.035555-000 Event Type: Informatie User: Computer Name: WIN-3KUSKQRNN31 Event Code: 104 Message: Logboekbestand Application is gewist. Record Number: 2182 Source Name: Microsoft-Windows-Eventlog Time Written: 20131130213600.754755-000 Event Type: Informatie User: Computer Name: WIN-3KUSKQRNN31 Event Code: 104 Message: Logboekbestand System is gewist. Record Number: 2181 Source Name: Microsoft-Windows-Eventlog Time Written: 20131130213600.676754-000 Event Type: Informatie User: =====Application event log===== Computer Name: WIN-3KUSKQRNN31 Event Code: 1001 Message: De prestatiemeteritems voor de WmiApRpl-service (WmiApRpl) zijn verwijderd. De recordgegevens bevatten de nieuwe waarden van de registervermeldingen Last Counter en Last Help van het systeem. Record Number: 511 Source Name: Microsoft-Windows-LoadPerf Time Written: 20131130213912.338691-000 Event Type: Informatie User: NT AUTHORITY\SYSTEM Computer Name: WIN-3KUSKQRNN31 Event Code: 12306 Message: De evaluatieperiode kan niet worden vernieuwd voor toepassings-id = 55c92734-d682-4d71-983e-d6ec3f16059f, SKU-id = (null) - U kunt de evaluatieperiode nog 2 keer vernieuwen. Record Number: 510 Source Name: Microsoft-Windows-Security-SPP Time Written: 20131130213839.000000-000 Event Type: Informatie User: Computer Name: WIN-3KUSKQRNN31 Event Code: 1003 Message: De Windows Search-service is gestart. Record Number: 509 Source Name: Microsoft-Windows-Search Time Written: 20131130213609.000000-000 Event Type: Informatie User: Computer Name: WIN-3KUSKQRNN31 Event Code: 1013 Message: De Windows Search-service is normaal gestopt. Record Number: 508 Source Name: Microsoft-Windows-Search Time Written: 20131130213607.000000-000 Event Type: Informatie User: Computer Name: WIN-3KUSKQRNN31 Event Code: 103 Message: Windows (2036) Windows: De database-engine heeft een nieuwe sessie (0) stopgezet. Record Number: 507 Source Name: ESENT Time Written: 20131130213607.000000-000 Event Type: Informatie User: =====Security event log===== Computer Name: WIN-3KUSKQRNN31 Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: WIN-3KUSKQRNN31$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Aanmeldingstype: 5 Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x1dc Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: Advapi Verificatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 1437 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20131130213610.364371-000 Event Type: Controle geslaagd User: Computer Name: WIN-3KUSKQRNN31 Event Code: 4672 Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Bevoegdheden: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 1436 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20131130213608.897969-000 Event Type: Controle geslaagd User: Computer Name: WIN-3KUSKQRNN31 Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: WIN-3KUSKQRNN31$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Aanmeldingstype: 5 Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x1dc Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: Advapi Verificatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 1435 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20131130213608.897969-000 Event Type: Controle geslaagd User: Computer Name: WIN-3KUSKQRNN31 Event Code: 4738 Message: Er is een gebruikersaccount gewijzigd. Onderwerp: Beveiligings-id: S-1-5-21-3178266194-2711759824-2667522730-500 Accountnaam: Administrator Accountdomein: WIN-3KUSKQRNN31 Aanmeldings-id: 0x1e472 Doelaccount: Beveiligings-id: S-1-5-21-3178266194-2711759824-2667522730-500 Accountnaam: Administrator Accountdomein: WIN-3KUSKQRNN31 Gewijzigde kenmerken: SAM-accountnaam: - Weergavenaam: - Principal-naam van gebruiker: - Basismap: - Basisstation: - Pad naar script: - Pad naar profiel: - Gebruikerswerkstations: - Wachtwoord voor het laatst ingesteld: - Account verloopt op: - Primaire groeps-id: - Mag overdragen aan: - Oude UAC-waarde: 0x211 Nieuwe UAC-waarde: 0x211 Gebruikersaccountbeheer: - Gebruikersparameters: - SID-geschiedenis: - Aantal uren aangemeld: - Aanvullende gegevens: Bevoegdheden: - Record Number: 1434 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20131130213601.300755-000 Event Type: Controle geslaagd User: Computer Name: WIN-3KUSKQRNN31 Event Code: 1102 Message: Het controlelogboek is gewist. Onderwerp: Beveiligings-id: S-1-5-21-3178266194-2711759824-2667522730-500 Accountnaam: Administrator Domeinnaam: WIN-3KUSKQRNN31 Aanmeldings-id: 0x1e472 Record Number: 1433 Source Name: Microsoft-Windows-Eventlog Time Written: 20131130213600.754755-000 Event Type: Controle geslaagd User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Common Files\Acronis\SnapAPI\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log "windows_tracing_flags"=3 -----------------EOF-----------------