info.txt logfile of random's system information tool 1.10 2015-03-05 15:11:10 ======MBR====== 0x33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CBFBB90400BDBE07807E00007C0B0F85100183C510E2F1CD1888560055C6461105C6461000B441BBAA55CD135D720F81FB55AA7509F7C101007403FE46106660807E1000742666680000000066FF760868000068007C680100681000B4428A56008BF4CD139F83C4109EEB14B80102BB007C8A56008A76018A4E028A6E03CD136661731EFE4E110F850C00807E00800F848A00B280EB825532E48A5600CD135DEB9C813EFE7D55AA756EFF7600E88A000F851500B0D1E664E87F00B0DFE660E87800B0FFE664E87100B800BBCD1A6623C0753B6681FB54435041753281F90201722C666807BB00006668000200006668080000006653665366556668000000006668007C0000666168000007CD1A5A32F6EA007C0000CD18A0B707EB08A0B607EB03A0B50732E40500078BF0AC3C0074FCBB0700B40ECD10EBF22BC9E464EB002402E0F82402C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D00000000627A997D23D63900000020210007FEFFFF0008000000E04F0E00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055AA ======Uninstall list====== -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL 32 Bit HP CIO Components Installer-->MsiExec.exe /I{0360D8F0-626A-4E87-8A16-938BD0BEBCC5} Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{B7B3E9B3-FB14-4927-894B-E9124509AF5A} Adobe Flash Player 16 NPAPI-->C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe -maintain plugin CCleaner-->"C:\Program Files\CCleaner\uninst.exe" CheckDrive-->"C:\Program Files\CheckDrive\unins000.exe" Content Transfer-->MsiExec.exe /X{CFADE4AF-C0CF-4A04-A776-741318F1658F} ExtractNow-->"C:\Program Files\ExtractNow\uninstall.exe" Free YouTube to MP3 Converter version 3.12.29.304-->C:\Program Files\Common Files\DVDVideoSoft\lib\Uninstall.exe Google Chrome-->"C:\Program Files\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe" --uninstall --multi-install --chrome --system-level Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7-->C:\Program Files\HP\Digital Imaging\{59C83C08-63F4-4AEC-81D6-392C5E23B843}\setup\hpzscr01.exe -datfile hposcr47.dat -onestop -forcereboot Kaspersky Internet Security-->MsiExec.exe /I{653C1B5A-3287-47B1-8613-0745D4E771C4} Kaspersky Internet Security-->MsiExec.exe /I{653C1B5A-3287-47B1-8613-0745D4E771C4} REMOVE=ALL Malwarebytes Anti-Malware versie 2.0.4.1028-->"C:\Program Files\Malwarebytes Anti-Malware\unins000.exe" Mediapurge-->C:\Program Files\Mediapurge\uninstall.exe Microsoft .NET Framework 3.5 Language Pack SP1 - nld-->MsiExec.exe /I{101738D7-D805-37A9-BB91-1F2C351782BF} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702} Microsoft Office Access MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0015-0413-0000-0000000FF1CE} Microsoft Office Excel MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0016-0413-0000-0000000FF1CE} Microsoft Office Groove MUI (Dutch) 2010-->MsiExec.exe /X{90140000-00BA-0413-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0044-0413-0000-0000000FF1CE} Microsoft Office OneNote MUI (Dutch) 2010-->MsiExec.exe /X{90140000-00A1-0413-0000-0000000FF1CE} Microsoft Office Outlook MUI (Dutch) 2010-->MsiExec.exe /X{90140000-001A-0413-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0018-0413-0000-0000000FF1CE} Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2010-->MsiExec.exe /X{90140000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE} Microsoft Office Proofing (Dutch) 2010-->MsiExec.exe /X{90140000-002C-0413-0000-0000000FF1CE} Microsoft Office Publisher MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0019-0413-0000-0000000FF1CE} Microsoft Office Shared MUI (Dutch) 2010-->MsiExec.exe /X{90140000-006E-0413-0000-0000000FF1CE} Microsoft Office Word MUI (Dutch) 2010-->MsiExec.exe /X{90140000-001B-0413-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mozilla Firefox 36.0 (x86 nl)-->"C:\Program Files\Mozilla Firefox\uninstall\helper.exe" Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe" MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nero 8-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041043} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NirSoft BlueScreenView-->"C:\Program Files\NirSoft\BlueScreenView\uninst.exe" NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI NVIDIA Grafisch stuurprogramma 307.83-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{38A05CE9-445A-45F8-9A63-6AD48B4DE5FC}\NVI2.DLL",UninstallPackage Display.Driver NVIDIA Update 1.10.8-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{224F347B-EADC-4132-86C0-3A044121658F}\NVI2.DLL",UninstallPackage Display.Update NWZ-E450 WALKMAN Guide-->MsiExec.exe /X{0A6C2811-AD29-473F-8086-F0B401276DEC} Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {939AF4BC-EC42-38D1-AE82-91D4A7ED8911} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8433C01-319F-3370-850E-87C35496299A} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {48B0C142-A0F4-3263-90E1-1984CBB8DD18} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {CD6D9B8A-BBC4-3FA7-B24D-D74CE90630CF} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FCBF8C05-F031-381A-8B7F-45403B55ADF5} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {ECBEE23D-AB7E-3DAA-B66B-CD52003198F1} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {788818B1-B191-3217-A210-7ACFDE19CE4A} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B7C20E16-9A3A-3F05-A6B5-E15AA09200E0} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {1E88AFAE-CEF7-3540-8FF6-6D00877B2767} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8BA4E34D-95C5-3907-87E4-62FBB31A2190} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {21AEAFE4-6F0E-3169-A09C-9FB37C77E555} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2894842v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {AE27A13B-C1EB-3973-8291-BC68A34F703C} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {229E3EA4-C2A3-3031-86A5-9BC8396F945B} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2931365)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {D72CBAF5-4CAD-36E1-A6C3-57FE1D2B453E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2972106)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {46A6AEB6-89CB-3DDF-AF98-5FBA7D58C423} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2972215)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A595E784-C204-339D-8460-9FE737C7BBBF} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2978125)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F97ADBB0-328A-3BAF-AA1A-0DDCEB094DF0} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2979575v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BDCDC684-E179-3461-A649-77FEE9D2C685} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {42A3562E-8B4E-39A4-B82D-CC12F82889E3} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2736428)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {FCBF8C05-F031-381A-8B7F-45403B55ADF5} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2742595)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {788818B1-B191-3217-A210-7ACFDE19CE4A} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {8BA4E34D-95C5-3907-87E4-62FBB31A2190} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2894842v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {AE27A13B-C1EB-3973-8291-BC68A34F703C} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {229E3EA4-C2A3-3031-86A5-9BC8396F945B} /parameterfolder Extended SpyHunter 4-->C:\Users\Eigenaar\AppData\Roaming\Enigma Software Group\sh_installer.exe -r sh SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - nld\setup.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {D5B80B17-2443-3296-A700-792FAA0748BD} /parameterfolder Client Update for Microsoft .NET Framework 4 Extended (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Extended Update for Microsoft .NET Framework 4 Extended (KB2836939v3)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {D5B80B17-2443-3296-A700-792FAA0748BD} /parameterfolder Extended VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} VLC media player-->C:\Program Files\VideoLAN\VLC\uninstall.exe WD Link-->"C:\Program Files\Western Digital\WD Link\uninstall.exe" Wondershare AllMyTube(Build 4.2.2.0)-->"C:\Program Files\Wondershare\AllMyTube\unins000.exe" YTD Video Downloader 4.2-->"C:\Program Files\GreenTree Applications\YTD Video Downloader\uninstall.exe" ======Security center information====== AS: Windows Defender AS: SUPERAntiSpyware ======System event log====== Computer Name: PC_van_Eigenaar Event Code: 4374 Message: Pakket KB2974269(Security Update) is niet geschikt voor dit systeem Record Number: 21719 Source Name: Microsoft-Windows-Servicing Time Written: 20141110153423.000000-000 Event Type: Waarschuwing User: NT AUTHORITY\SYSTEEM Computer Name: PC_van_Eigenaar Event Code: 4374 Message: Pakket KB2974269(Security Update) is niet geschikt voor dit systeem Record Number: 21718 Source Name: Microsoft-Windows-Servicing Time Written: 20141110153423.000000-000 Event Type: Waarschuwing User: NT AUTHORITY\SYSTEEM Computer Name: PC_van_Eigenaar Event Code: 4374 Message: Pakket KB2974269(Security Update) is niet geschikt voor dit systeem Record Number: 21717 Source Name: Microsoft-Windows-Servicing Time Written: 20141110153423.000000-000 Event Type: Waarschuwing User: NT AUTHORITY\SYSTEEM Computer Name: PC_van_Eigenaar Event Code: 4374 Message: Pakket KB2974269(Security Update) is niet geschikt voor dit systeem Record Number: 21716 Source Name: Microsoft-Windows-Servicing Time Written: 20141110153423.000000-000 Event Type: Waarschuwing User: NT AUTHORITY\SYSTEEM Computer Name: PC_van_Eigenaar Event Code: 4374 Message: Pakket KB2974269(Security Update) is niet geschikt voor dit systeem Record Number: 21715 Source Name: Microsoft-Windows-Servicing Time Written: 20141110153423.000000-000 Event Type: Waarschuwing User: NT AUTHORITY\SYSTEEM =====Application event log===== Computer Name: 26L2233B2-11 Event Code: 1003 Message: De Windows Search-service is gestart. Record Number: 5 Source Name: Microsoft-Windows-Search Time Written: 20140925075907.000000-000 Event Type: Informatie User: Computer Name: 26L2233B2-11 Event Code: 5615 Message: De Windows Management Instrumentation-service is gestart Record Number: 4 Source Name: Microsoft-Windows-WMI Time Written: 20140925075906.000000-000 Event Type: Informatie User: Computer Name: 26L2233B2-11 Event Code: 4625 Message: Het EventSystem-subsysteem onderdrukt gedurende 86400 seconden dubbele vermeldingen in het gebeurtenislogboek. De time-out voor onderdrukking kan worden ingesteld met de REG_DWORD-waarde SuppressDuplicateDuration in de volgende registersleutel: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 3 Source Name: Microsoft-Windows-EventSystem Time Written: 20140925075902.000000-000 Event Type: Informatie User: Computer Name: LH-HUCEOGWUH8GY Event Code: 900 Message: De Software Licensing-service wordt gestart. Record Number: 2 Source Name: Microsoft-Windows-Security-Licensing-SLC Time Written: 20140925075902.000000-000 Event Type: Informatie User: Computer Name: LH-HUCEOGWUH8GY Event Code: 1531 Message: De User Profile-service is gestart. Record Number: 1 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20140925075901.000000-000 Event Type: Informatie User: NT AUTHORITY\SYSTEEM =====Security event log===== Computer Name: 26L2233B2-11 Event Code: 4648 Message: Poging tot aanmelden met expliciete referenties. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: 26L2233B2-11$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Account waarvan de referenties zijn gebruikt: Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Doelserver: Naam van doelserver: localhost Aanvullende gegevens: localhost Procesgegevens: Proces-id: 0x208 Procesnaam: C:\Windows\System32\services.exe Netwerkgegevens: Netwerkadres: - Poort: - Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als. Record Number: 5 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140925075841.603326-000 Event Type: Controle geslaagd User: Computer Name: 26L2233B2-11 Event Code: 4902 Message: De tabel voor controlebeleid per gebruiker is gemaakt. Aantal elementen: 0 Beleids-id: 0x4c26f Record Number: 4 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140925075839.122910-000 Event Type: Controle geslaagd User: Computer Name: 26L2233B2-11 Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id: S-1-0-0 Accountnaam: - Accountdomein: - Aanmeldings-id: 0x0 Aanmeldingstype: 0 Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x4 Naam proces: Netwerkgegevens: Naam van werkstation: - Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: - Verificatiepakket: - Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 3 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140925075837.921702-000 Event Type: Controle geslaagd User: Computer Name: 26L2233B2-11 Event Code: 4608 Message: Windows wordt opgestart. Deze gebeurtenis wordt in het logboek geregistreerd wanneer LSASS.EXE wordt gestart en het subsysteem voor controle wordt geïnitialiseerd. Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140925075837.921702-000 Event Type: Controle geslaagd User: Computer Name: 26L2233B2-11 Event Code: 4647 Message: De gebruiker heeft een afmelding gestart: Onderwerp: Beveiligings-id: S-1-5-21-2152478756-3922319563-605102323-500 Accountnaam: Administrator Accountdomein: 26L2233B2-11 Aanmeldings-id: 0x8496a Deze gebeurtenis wordt gegenereerd wanneer een afmelding wordt gestart maar het aantal tokenverwijzingen niet nul is en de aanmeldingssessie niet kan worden vernietigd. De gebruiker kan verder geen activiteiten starten. Deze gebeurtenis kan worden geïnterpreteerd als een afmeldingsgebeurtenis. Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20061102130954.400000-000 Event Type: Controle geslaagd User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 -----------------EOF-----------------