info.txt logfile of random's system information tool 1.10 2015-10-04 09:17:17 ======MBR====== 0x33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CBFBB90400BDBE07807E00007C0B0F850E0183C510E2F1CD1888560055C6461105C6461000B441BBAA55CD135D720F81FB55AA7509F7C101007403FE46106660807E1000742666680000000066FF760868000068007C680100681000B4428A56008BF4CD139F83C4109EEB14B80102BB007C8A56008A76018A4E028A6E03CD136661731CFE4E11750C807E00800F848A00B280EB845532E48A5600CD135DEB9E813EFE7D55AA756EFF7600E88D007517FAB0D1E664E88300B0DFE660E87C00B0FFE664E87500FBB800BBCD1A6623C0753B6681FB54435041753281F90201722C666807BB00006668000200006668080000006653665366556668000000006668007C0000666168000007CD1A5A32F6EA007C0000CD18A0B707EB08A0B607EB03A0B50732E40500078BF0AC3C007409BB0700B40ECD10EBF2F4EBFD2BC9E464EB002402E0F82402C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D000000637B9A41063F5E00008020210007DF130C000800000020030000DF140C07FEFFFF0028030000A8A21B00FEFFFF27FEFFFF00D0A51B00100E0000FEFFFF07FEFFFF00E0B31B0030651E55AA ======Uninstall list====== Adobe Flash Player 19 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_19_0_0_185_ActiveX.exe -maintain activex AVG PC TuneUp-->C:\Program Files\AVG\AVG PC TuneUp\..\Setup\avgsetupx.exe /mode=offline /uninstall=tu CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Definition Update for Microsoft Office 2013 (KB3085499) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{25C16831-58B2-4F63-B007-DDAB05B7E175}" "1033" "0" Dropbox Update Helper-->MsiExec.exe /I{099218A5-A723-43DC-8DB5-6173656A1E94} Dropbox-->"C:\Program Files\Dropbox\Client\DropboxUninstaller.exe" /InstallType:MACHINE ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe ESET Smart Security-->MsiExec.exe /I{2EE1F09A-ED17-452B-A148-AB7BA47E2038} FMW 1-->MsiExec.exe /I{F9EED269-3128-4285-B36F-ED8CDEECEABC} FrostWire 6.1.5-->C:\Program Files\FrostWire 6\Uninstall.exe Google Chrome-->"C:\Program Files\Google\Chrome\Application\45.0.2454.101\Installer\setup.exe" --uninstall --multi-install --chrome --system-level --verbose-logging Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} Microsoft .NET Framework 4 Client Profile NLD Language Pack-->MsiExec.exe /X{2617FA1F-0C04-3ABB-AF64-7D5B6620C341} Microsoft .NET Framework 4.5.2-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\\Setup.exe /repair /x86 Microsoft .NET Framework 4.5.2-->MsiExec.exe /X{3911CF56-9EF2-39BA-846A-C27BD3CD0685} Microsoft Access MUI (English) 2013-->MsiExec.exe /X{90150000-0015-0409-0000-0000000FF1CE} Microsoft Access Setup Metadata MUI (English) 2013-->MsiExec.exe /X{90150000-0117-0409-0000-0000000FF1CE} Microsoft DCF MUI (English) 2013-->MsiExec.exe /X{90150000-0090-0409-0000-0000000FF1CE} Microsoft Excel MUI (English) 2013-->MsiExec.exe /X{90150000-0016-0409-0000-0000000FF1CE} Microsoft Groove MUI (English) 2013-->MsiExec.exe /X{90150000-00BA-0409-0000-0000000FF1CE} Microsoft InfoPath MUI (English) 2013-->MsiExec.exe /X{90150000-0044-0409-0000-0000000FF1CE} Microsoft Lync MUI (English) 2013-->MsiExec.exe /X{90150000-012B-0409-0000-0000000FF1CE} Microsoft Office OSM MUI (English) 2013-->MsiExec.exe /X{90150000-00E1-0409-0000-0000000FF1CE} Microsoft Office OSM UX MUI (English) 2013-->MsiExec.exe /X{90150000-00E2-0409-0000-0000000FF1CE} Microsoft Office Professional Plus 2013-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2013-->MsiExec.exe /X{90150000-0011-0000-0000-0000000FF1CE} Microsoft Office Proofing (English) 2013-->MsiExec.exe /X{90150000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2013 - English-->MsiExec.exe /X{90150000-001F-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2013 - Español-->MsiExec.exe /X{90150000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2013-->MsiExec.exe /X{90150000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2013-->MsiExec.exe /X{90150000-0115-0409-0000-0000000FF1CE} Microsoft OneNote MUI (English) 2013-->MsiExec.exe /X{90150000-00A1-0409-0000-0000000FF1CE} Microsoft Outlook MUI (English) 2013-->MsiExec.exe /X{90150000-001A-0409-0000-0000000FF1CE} Microsoft PowerPoint MUI (English) 2013-->MsiExec.exe /X{90150000-0018-0409-0000-0000000FF1CE} Microsoft Publisher MUI (English) 2013-->MsiExec.exe /X{90150000-0019-0409-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Microsoft Visual Studio 2010 Tools for Office Runtime (x86)-->C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.exe Microsoft Visual Studio 2010 Tools for Office Runtime (x86)-->MsiExec.exe /X{4DC59BF3-0D72-3CE8-BFEF-1E8FAF689EB0} Microsoft Word MUI (English) 2013-->MsiExec.exe /X{90150000-001B-0409-0000-0000000FF1CE} Outils de vérification linguistique 2013 de Microsoft Office - Français-->MsiExec.exe /X{90150000-001F-040C-0000-0000000FF1CE} Revo Uninstaller 1.95-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe RollerCoaster Tycoon 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x13 Samsung USB Driver for Mobile Phones-->C:\Program Files\Samsung\USB Drivers\Uninstall.exe Security Update for Microsoft Excel 2013 (KB3085502) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{75B21DA2-6D54-4722-A28D-11BFE50B8D56}" "1033" "0" Security Update for Microsoft Excel 2013 (KB3085502) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0016-0409-0000-0000000FF1CE}" "{75B21DA2-6D54-4722-A28D-11BFE50B8D56}" "1033" "0" Security Update for Microsoft Excel 2013 (KB3085502) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0018-0409-0000-0000000FF1CE}" "{75B21DA2-6D54-4722-A28D-11BFE50B8D56}" "1033" "0" Security Update for Microsoft Excel 2013 (KB3085502) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0409-0000-0000000FF1CE}" "{75B21DA2-6D54-4722-A28D-11BFE50B8D56}" "1033" "0" Security Update for Microsoft Excel 2013 (KB3085502) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0409-0000-0000000FF1CE}" "{75B21DA2-6D54-4722-A28D-11BFE50B8D56}" "1033" "0" Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{90E7A66B-723D-4790-824A-6E4EEC0C2CBA}" "1033" "0" Security Update for Microsoft Office 2013 (KB2910941) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{E0434175-7133-45D2-B53A-78700C2F8BC4}" "1033" "0" Security Update for Microsoft Office 2013 (KB3039734) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{363F92BA-008B-4FB0-9901-0C1F7BF4945A}" "1033" "0" Security Update for Microsoft Office 2013 (KB3039798) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{2113B49B-7A19-4592-863E-CD4124792AAE}" "1033" "0" Security Update for Microsoft Office 2013 (KB3054816) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{705BE900-4761-4742-BB58-2877F1544459}" "1033" "0" Security Update for Microsoft Office 2013 (KB3054932) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0409-0000-0000000FF1CE}" "{5473406E-16C5-4192-8111-D04499CA6E95}" "1033" "0" Security Update for Skype for Business 2015 (KB3085500) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{6A5F1709-91E6-479F-B09F-D7FC9D2404D8}" "1033" "0" Security Update for Skype for Business 2015 (KB3085500) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-012B-0409-0000-0000000FF1CE}" "{6A5F1709-91E6-479F-B09F-D7FC9D2404D8}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0015-0409-0000-0000000FF1CE}" "{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0016-0409-0000-0000000FF1CE}" "{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0018-0409-0000-0000000FF1CE}" "{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0019-0409-0000-0000000FF1CE}" "{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001A-0409-0000-0000000FF1CE}" "{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0409-0000-0000000FF1CE}" "{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0409-0000-0000000FF1CE}" "{1F79A96A-2A70-45B3-8A5C-79DA61952879}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-040C-0000-0000000FF1CE}" "{9BB6CB7C-80E3-4F73-8A82-E3D88A3721BE}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0C0A-0000-0000000FF1CE}" "{64B94D95-B6EC-4E25-832F-D15B13ACFB0C}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-002C-0409-0000-0000000FF1CE}" "{14584904-277D-4E54-88E8-7705B774B526}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0044-0409-0000-0000000FF1CE}" "{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0409-0000-0000000FF1CE}" "{0489F084-D6CB-46CE-BFA3-C142E7278864}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0090-0409-0000-0000000FF1CE}" "{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00A1-0409-0000-0000000FF1CE}" "{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00BA-0409-0000-0000000FF1CE}" "{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00E1-0409-0000-0000000FF1CE}" "{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00E2-0409-0000-0000000FF1CE}" "{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0115-0409-0000-0000000FF1CE}" "{0489F084-D6CB-46CE-BFA3-C142E7278864}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0117-0409-0000-0000000FF1CE}" "{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}" "1033" "0" Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-012B-0409-0000-0000000FF1CE}" "{D0389590-F29B-4C3D-8CC1-E10BD7581DA4}" "1033" "0" Speccy-->"C:\Program Files\Speccy\uninst.exe" Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1043 /parameterfolder ClientLP Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - NLD-->C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD\install.exe Update for Microsoft Access 2013 (KB3085503) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{58F9D81E-3E63-49A0-9163-FD7F2D6FA850}" "1033" "0" Update for Microsoft Access 2013 (KB3085503) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0015-0409-0000-0000000FF1CE}" "{58F9D81E-3E63-49A0-9163-FD7F2D6FA850}" "1033" "0" Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}" "1033" "0" Update for Microsoft Office 2013 (KB2760371) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{FFF87DE6-6602-4F65-BD75-D481E0539DCD}" "1033" "0" Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{45B7D395-EB9B-414F-9E46-5849B42326E2}" "1033" "0" Update for Microsoft Office 2013 (KB2837654) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{6D771289-E5A7-442F-82B5-5EC4217AEF03}" "1033" "0" Update for Microsoft Office 2013 (KB2880487) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{50294D1D-175D-4D3B-84FE-C3809F108CED}" "1033" "0" Update for Microsoft Office 2013 (KB2881076) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{178560C0-1602-4F9D-A5AD-9B9A8BD0BA1A}" "1033" "0" Update for Microsoft Office 2013 (KB2881076) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0016-0409-0000-0000000FF1CE}" "{178560C0-1602-4F9D-A5AD-9B9A8BD0BA1A}" "1033" "0" Update for Microsoft Office 2013 (KB2881076) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0090-0409-0000-0000000FF1CE}" "{178560C0-1602-4F9D-A5AD-9B9A8BD0BA1A}" "1033" "0" Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{B8E73381-09B1-4895-ACD0-34385B0F526D}" "1033" "0" Update for Microsoft Office 2013 (KB2883095) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{7A9AB1AE-98B5-4B45-86B8-33A7B946D7CA}" "1033" "0" Update for Microsoft Office 2013 (KB2889863) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{52064DE8-AF91-4EAC-8B57-CECA10E8C1C0}" "1033" "0" Update for Microsoft Office 2013 (KB2899522) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{87F6726E-6F99-42F0-8E11-55D798E57DD5}" "1033" "0" Update for Microsoft Office 2013 (KB2956152) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{E033127B-28B7-445C-BD79-690E2C1D19B5}" "1033" "0" Update for Microsoft Office 2013 (KB2965271) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{05F96E90-A024-4CB1-9694-42C845C38546}" "1033" "0" Update for Microsoft Office 2013 (KB2975869) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{DC99BDCA-01F1-42F5-AD31-72A5B8C17F12}" "1033" "0" Update for Microsoft Office 2013 (KB2975869) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0409-0000-0000000FF1CE}" "{DC99BDCA-01F1-42F5-AD31-72A5B8C17F12}" "1033" "0" Update for Microsoft Office 2013 (KB3023052) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{FC017EDD-645B-44D8-9D84-623DE069F1B9}" "1033" "0" Update for Microsoft Office 2013 (KB3039718) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{36A7AD40-DCB0-4180-91FF-88032371732D}" "1033" "0" Update for Microsoft Office 2013 (KB3039739) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{0FF77595-D4EA-46E9-9F1B-3D2BB7AE468F}" "1033" "0" Update for Microsoft Office 2013 (KB3039739) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0016-0409-0000-0000000FF1CE}" "{0FF77595-D4EA-46E9-9F1B-3D2BB7AE468F}" "1033" "0" Update for Microsoft Office 2013 (KB3039762) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{8CBD3B03-373F-490B-86ED-2F812D4068E6}" "1033" "0" Update for Microsoft Office 2013 (KB3039766) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{4B7382DD-C92C-4942-BFE6-9B892B915E5C}" "1033" "0" Update for Microsoft Office 2013 (KB3054774) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{4AA15AD1-38AD-4149-954E-BBEF8D7E489A}" "1033" "0" Update for Microsoft Office 2013 (KB3054783) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{C3E627A0-AADD-46D0-8CF6-62AFC66FA08B}" "1033" "0" Update for Microsoft Office 2013 (KB3054856) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{FF0A4C57-A2D2-4ACA-9DF5-23DB94A718A1}" "1033" "0" Update for Microsoft Office 2013 (KB3054923) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{9BB691E8-3078-442A-80C5-3CBD3CD95636}" "1033" "0" Update for Microsoft Office 2013 (KB3054935) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{E09BBD8F-7B76-44FD-9576-D2D7ADCF3623}" "1033" "0" Update for Microsoft Office 2013 (KB3055010) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{B23930CE-D49D-4BE7-9443-1B6D056C54EC}" "1033" "0" Update for Microsoft Office 2013 (KB3055010) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0409-0000-0000000FF1CE}" "{B23930CE-D49D-4BE7-9443-1B6D056C54EC}" "1033" "0" Update for Microsoft Office 2013 (KB3055011) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0409-0000-0000000FF1CE}" "{31151185-8813-4FD3-A1FA-3FB446562E39}" "1033" "0" Update for Microsoft Office 2013 (KB3055011) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-040C-0000-0000000FF1CE}" "{34646FBE-BA21-4C29-B22B-4F40537E69D2}" "1033" "0" Update for Microsoft Office 2013 (KB3055011) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0C0A-0000-0000000FF1CE}" "{F169C9BF-6A8B-45EB-9D83-600C13BD64BC}" "1033" "0" Update for Microsoft Office 2013 (KB3085479) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{25044A61-BFCF-4FB3-B1F9-CAEC11321AC1}" "1033" "0" Update for Microsoft Office 2013 (KB3085480) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{F772C69B-B800-4C7D-8F81-5E8274594E8B}" "1033" "0" Update for Microsoft Office 2013 (KB3085480) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0409-0000-0000000FF1CE}" "{F772C69B-B800-4C7D-8F81-5E8274594E8B}" "1033" "0" Update for Microsoft Office 2013 (KB3085493) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{560EBFE7-3F12-458E-A35F-7E20BB681B55}" "1033" "0" Update for Microsoft Office 2013 (KB3085504) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{D8C40022-F9C8-4C08-B5B4-FEB96D2029CE}" "1033" "0" Update for Microsoft Office 2013 (KB3085506) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{95C595F3-2C2F-4450-811B-75E9C24C96F0}" "1033" "0" Update for Microsoft OneDrive for Business (KB3055020) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{FD612B97-4A82-4530-B2DA-D55B88665FF1}" "1033" "0" Update for Microsoft OneDrive for Business (KB3055020) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00BA-0409-0000-0000000FF1CE}" "{FD612B97-4A82-4530-B2DA-D55B88665FF1}" "1033" "0" Update for Microsoft OneNote 2013 (KB3085491) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{8AF46BDC-B8D1-454C-9AB8-B61D58273757}" "1033" "0" Update for Microsoft OneNote 2013 (KB3085491) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00A1-0409-0000-0000000FF1CE}" "{8AF46BDC-B8D1-454C-9AB8-B61D58273757}" "1033" "0" Update for Microsoft Outlook 2013 (KB3085495) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{5387A46A-0105-4636-BC23-767ED52A3360}" "1033" "0" Update for Microsoft Outlook 2013 (KB3085495) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001A-0409-0000-0000000FF1CE}" "{5387A46A-0105-4636-BC23-767ED52A3360}" "1033" "0" Update for Microsoft Outlook Social Connector 2013 (KB3054854) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{3A2EB2A7-9F2D-4FA0-AE80-AD1A5A02A7AA}" "1033" "0" Update for Microsoft Outlook Social Connector 2013 (KB3054854) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001A-0409-0000-0000000FF1CE}" "{3A2EB2A7-9F2D-4FA0-AE80-AD1A5A02A7AA}" "1033" "0" Update for Microsoft PowerPoint 2013 (KB3085478) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{7F639996-BB41-4FE9-A37D-E7084570A1AF}" "1033" "0" Update for Microsoft PowerPoint 2013 (KB3085478) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0018-0409-0000-0000000FF1CE}" "{7F639996-BB41-4FE9-A37D-E7084570A1AF}" "1033" "0" Update for Microsoft Publisher 2013 (KB3023050) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{83EFBE27-6DE4-419C-9B99-2984DF4D9F13}" "1033" "0" Update for Microsoft Publisher 2013 (KB3023050) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0019-0409-0000-0000000FF1CE}" "{83EFBE27-6DE4-419C-9B99-2984DF4D9F13}" "1033" "0" Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{25C61889-2E44-4BE1-9E96-9364BFDCF501}" "1033" "0" Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0409-0000-0000000FF1CE}" "{25C61889-2E44-4BE1-9E96-9364BFDCF501}" "1033" "0" Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{A7CD05CC-CA85-428C-91FD-74A908D126E1}" "1033" "0" Update for Microsoft Word 2013 (KB3085490) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-0000-0000000FF1CE}" "{C91A7D17-DFB0-4FED-8E95-0ECAE9BFC882}" "1033" "0" Update for Microsoft Word 2013 (KB3085490) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001A-0409-0000-0000000FF1CE}" "{C91A7D17-DFB0-4FED-8E95-0ECAE9BFC882}" "1033" "0" Update for Microsoft Word 2013 (KB3085490) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0409-0000-0000000FF1CE}" "{C91A7D17-DFB0-4FED-8E95-0ECAE9BFC882}" "1033" "0" Update for Microsoft Word 2013 (KB3085490) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-012B-0409-0000-0000000FF1CE}" "{C91A7D17-DFB0-4FED-8E95-0ECAE9BFC882}" "1033" "0" Update for Skype for Business 2015 (KB2889853) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-012B-0409-0000-0000000FF1CE}" "{BF1B3F01-93F3-4B83-93DB-132EB1AED259}" "1033" "0" Viber-->MsiExec.exe /I{703E9CCF-0578-4AF0-B1F7-90368CFDC8DD} Visual Studio 2012 x86 Redistributables-->MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} WinRAR 5.20 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe ======System event log====== Computer Name: Yvonne-PC Event Code: 7045 Message: Er is een service geïnstalleerd. Servicenaam: Adobe Flash Player Update Service Naam servicebestand: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Servicetype: service voor gebruikersmodus Starttype van service: starten op aanvraag Serviceaccount: LocalSystem Record Number: 8767 Source Name: Service Control Manager Time Written: 20151003100919.219436-000 Event Type: Informatie User: Yvonne-PC\Yvonne Computer Name: Yvonne-PC Event Code: 7036 Message: De Application Experience-service heeft nu de status wordt uitgevoerd. Record Number: 8766 Source Name: Service Control Manager Time Written: 20151003100845.882177-000 Event Type: Informatie User: Computer Name: Yvonne-PC Event Code: 104 Message: Logboekbestand Windows PowerShell is gewist. Record Number: 8765 Source Name: Microsoft-Windows-Eventlog Time Written: 20151003100759.858083-000 Event Type: Informatie User: Yvonne-PC\Yvonne Computer Name: Yvonne-PC Event Code: 104 Message: Logboekbestand TuneUp is gewist. Record Number: 8764 Source Name: Microsoft-Windows-Eventlog Time Written: 20151003100759.234082-000 Event Type: Informatie User: Yvonne-PC\Yvonne Computer Name: Yvonne-PC Event Code: 104 Message: Logboekbestand System is gewist. Record Number: 8763 Source Name: Microsoft-Windows-Eventlog Time Written: 20151003100759.015682-000 Event Type: Informatie User: Yvonne-PC\Yvonne =====Application event log===== Computer Name: Yvonne-PC Event Code: 8193 Message: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine GetProviderMgmtInterface. hr = 0x8004230f, Bij de provider van schaduwkopieën is een onverwachte fout opgetreden bij het verwerken van de opgegeven bewerking. . Record Number: 3446 Source Name: VSS Time Written: 20151003104715.000000-000 Event Type: Fout User: Computer Name: Yvonne-PC Event Code: 12292 Message: Fout in de Volume Shadow Copy-service: fout bij het maken van de COM-klasse van de schaduwkopieprovider met CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Kan de service niet starten omdat deze is uitgeschakeld of omdat het geen ingeschakelde apparaten met zich heeft verbonden. ]. Bewerking: Aanroepbare interface voor deze provider verkrijgen Beheerinterface van provider ophalen Context: Provider-id: {b5946137-7b9f-4925-af80-51abd60b20d5} Klasse-id: {00000000-0000-0000-0000-000000000000} Context van snapshot: -1 Provider-id: {b5946137-7b9f-4925-af80-51abd60b20d5} Record Number: 3445 Source Name: VSS Time Written: 20151003104714.000000-000 Event Type: Fout User: Computer Name: Yvonne-PC Event Code: 13 Message: Informatie voor de Volume Shadow Copy-service: de COM-server met CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} en de naam SW_PROV kan niet worden gestart. [0x80070422, Kan de service niet starten omdat deze is uitgeschakeld of omdat het geen ingeschakelde apparaten met zich heeft verbonden. ] Bewerking: Aanroepbare interface voor deze provider verkrijgen Beheerinterface van provider ophalen Context: Provider-id: {b5946137-7b9f-4925-af80-51abd60b20d5} Klasse-id: {00000000-0000-0000-0000-000000000000} Context van snapshot: -1 Provider-id: {b5946137-7b9f-4925-af80-51abd60b20d5} Record Number: 3444 Source Name: VSS Time Written: 20151003104714.000000-000 Event Type: Fout User: Computer Name: Yvonne-PC Event Code: 1530 Message: Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2584896191-163945130-4163865954-1000: Process 1820 (\Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe) has opened key \REGISTRY\USER\S-1-5-21-2584896191-163945130-4163865954-1000 Record Number: 3443 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20151003104711.884932-000 Event Type: Waarschuwing User: NT AUTHORITY\SYSTEM Computer Name: Yvonne-PC Event Code: 6000 Message: De kennisgevingssubscriber van winlogon was niet beschikbaar om een kennisgevingsgebeurtenis te verwerken. Record Number: 3442 Source Name: Microsoft-Windows-Winlogon Time Written: 20151003104706.000000-000 Event Type: Informatie User: =====Security event log===== Computer Name: Yvonne-PC Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: YVONNE-PC$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Aanmeldingstype: 5 Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x208 Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: Advapi Verificatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 4781 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20151003105117.070563-000 Event Type: Controle geslaagd User: Computer Name: Yvonne-PC Event Code: 4672 Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Bevoegdheden: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 4780 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20151003104714.068936-000 Event Type: Controle geslaagd User: Computer Name: Yvonne-PC Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: YVONNE-PC$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Aanmeldingstype: 5 Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x208 Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: Advapi Verificatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 4779 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20151003104714.068936-000 Event Type: Controle geslaagd User: Computer Name: Yvonne-PC Event Code: 4647 Message: De gebruiker heeft een afmelding gestart: Onderwerp: Beveiligings-id: S-1-5-21-2584896191-163945130-4163865954-1000 Accountnaam: Yvonne Accountdomein: Yvonne-PC Aanmeldings-id: 0x1cf1e Deze gebeurtenis wordt gegenereerd wanneer een afmelding wordt gestart. De gebruiker kan verder geen activiteiten starten. Deze gebeurtenis kan worden geïnterpreteerd als een afmeldingsgebeurtenis. Record Number: 4778 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20151003104704.599719-000 Event Type: Controle geslaagd User: Computer Name: Yvonne-PC Event Code: 1102 Message: Het controlelogboek is gewist. Onderwerp: Beveiligings-id: S-1-5-21-2584896191-163945130-4163865954-1000 Accountnaam: Yvonne Domeinnaam: Yvonne-PC Aanmeldings-id: 0x1cf1e Record Number: 4777 Source Name: Microsoft-Windows-Eventlog Time Written: 20151003100758.688081-000 Event Type: Controle geslaagd User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=1 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a -----------------EOF-----------------