info.txt logfile of random's system information tool 1.10 2015-10-28 22:07:45 ======MBR====== ======Uninstall list====== -->MsiExec /X{13153D0E-EC16-4BB7-B9EA-E622E357F353} Age of Empires® III: Complete Collection-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/105450 AVG PC TuneUp-->C:\Program Files (x86)\AVG\AVG PC TuneUp\..\Setup\avgsetupx.exe /mode=offline /uninstall=tu Bitdefender Agent-->C:\Program Files\Bitdefender Agent\installer\installer.exe /uninstall Bitdefender Total Security 2016-->C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\installer.exe Counter-Strike: Global Offensive-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/730 Counter-Strike: Source-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/240 D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} DayZ-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/221100 Far Cry® 3-->"C:\Program 
Files (x86)\Steam\steam.exe" steam://uninstall/220240 FMW 1-->MsiExec.exe /I{FE787B85-D93D-48FC-A974-0A70CACBAC35} Fotogalerie-->MsiExec.exe /X{3CBD94C1-BA15-488C-888B-D8DD296CC6DC} Fotogalerija-->MsiExec.exe /X{1F0C818D-4A41-4E40-BAFB-BB940C82A518} Fotogalleri-->MsiExec.exe /X{E354D495-5DA4-4CCF-AB39-080F6A4141BE} Fotogalleriet-->MsiExec.exe /X{9F470E17-4FC3-4091-A508-D5347A16A2B9} Fotoğraf Galerisi-->MsiExec.exe /X{DB7B6508-2AAB-4F26-99D4-74559A2F5E42} Fotótár-->MsiExec.exe /X{E50E3DBC-46AA-4827-B2A6-F995D81DF526} Galeria de Fotografias-->MsiExec.exe /X{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14} Galería de fotos-->MsiExec.exe /X{8F7FECEC-088F-431D-A5FB-2B59E1E69943} Galeria fotografii-->MsiExec.exe /X{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8} Galerie de photos-->MsiExec.exe /X{446CC8CE-0E90-44F7-ADD0-774B243EF090} Grand Theft Auto III-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/12100 Grand Theft Auto IV-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/12210 Grand Theft Auto: Episodes from Liberty City-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/12220 Grand Theft Auto: San Andreas-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/12120 Grand Theft Auto: Vice City-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/12110 Insurgency-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/222880 Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall Intel(R) Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall Intel® Trusted Connect Service Client-->MsiExec.exe /I{7AB8C73F-03FE-48AE-990C-CCB8D6C4FAB8} Mafia II-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/50130 Malwarebytes Anti-Malware versie 2.2.0.1024-->"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe" Max Payne 2: The Fall of Max Payne-->"C:\Program Files 
(x86)\Steam\steam.exe" steam://uninstall/12150 Max Payne 3-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/204100 Max Payne-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/12140 Microsoft Office-->MsiExec.exe /X{90150000-0138-0409-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501-->"C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /uninstall Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} Mortal Kombat Komplete Edition-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/237110 Movie Maker-->MsiExec.exe /X{03CC9D58-B132-4CC0-A521-4F3660AA43C7} Movie Maker-->MsiExec.exe /X{058EDEC8-1873-4B49-9A08-54ADE9CC129B} Movie Maker-->MsiExec.exe /X{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9} Movie Maker-->MsiExec.exe /X{2A078A2B-E2C8-43A3-862C-DC57090AB7C2} Movie Maker-->MsiExec.exe /X{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E} Movie Maker-->MsiExec.exe /X{306C7AEF-16C7-428D-93AA-99D4A4090243} Movie Maker-->MsiExec.exe /X{36BEC461-B58A-414D-993E-E2BDD1F1A14B} Movie Maker-->MsiExec.exe /X{62BBCDDC-4979-4E59-9D97-5B8E874C3191} Movie Maker-->MsiExec.exe /X{701FE1BC-834A-4857-AF62-6EBA50CFBC78} Movie 
Maker-->MsiExec.exe /X{751EB657-3F22-4150-8CE4-D79A262F1D92} Movie Maker-->MsiExec.exe /X{7E63F102-A9E9-4F4C-8004-BC62974736BF} Movie Maker-->MsiExec.exe /X{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB} Movie Maker-->MsiExec.exe /X{A17946CA-18E5-4CF0-8D55-A56D804718F8} Movie Maker-->MsiExec.exe /X{A47EA9D4-BB87-415E-9239-28860434E5A0} Movie Maker-->MsiExec.exe /X{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76} Movie Maker-->MsiExec.exe /X{BAD4B8FA-4BDA-4A59-BE64-9741031680C7} Movie Maker-->MsiExec.exe /X{ED6C77F9-4D7E-447C-9EC0-9A212D075535} MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} MSVCRT110_amd64-->MsiExec.exe /I{E9FA781F-3E80-4399-825A-AD3E11C28C77} MSVCRT110-->MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA} MSXML 4.0 SP3 Parser (KB2758694)-->MsiExec.exe /I{1D95BA90-F4F8-47EC-A882-441C99D30C1E} NVIDIA Graphics Driver 306.14-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver NVIDIA HD Audio Driver 1.3.18.0-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage HDAudio.Driver NVIDIA PhysX System Software 9.12.0807-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX NVIDIA PhysX-->MsiExec.exe /I{13153D0E-EC16-4BB7-B9EA-E622E357F353} NVIDIA Update 1.10.8-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Update PAYDAY 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/218620 Photo Common-->MsiExec.exe /X{048C8498-C20B-4AF7-9978-7A79E567D74C} Photo Common-->MsiExec.exe /X{061FF8F3-5226-4278-8AAB-282C1B024F58} Photo Common-->MsiExec.exe /X{0BFF2188-2D8E-4BE2-95D0-B3CCD4C6A0C9} Photo Common-->MsiExec.exe /X{0DF95460-2887-4011-9344-1959CDF18ADC} Photo Common-->MsiExec.exe /X{49110532-D289-4BFF-807C-45B782E66A7C} Photo 
Common-->MsiExec.exe /X{4AF53C99-315D-4536-873F-029D2D274AE2} Photo Common-->MsiExec.exe /X{5078CEC3-A56F-4080-8CD4-ED7BCBE5686B} Photo Common-->MsiExec.exe /X{6B8F13E2-F02B-445C-9A31-3C0E5D547CBA} Photo Common-->MsiExec.exe /X{743FD554-A73F-4FE8-BE7B-C283D16297F9} Photo Common-->MsiExec.exe /X{8063EB67-E777-4A56-9C1E-FAD75C2F5EC2} Photo Common-->MsiExec.exe /X{989889A7-D13D-4DA4-B059-B250784DFABC} Photo Common-->MsiExec.exe /X{AA82E5EF-70C2-41CB-8432-309078304CBB} Photo Common-->MsiExec.exe /X{C7929038-EDFB-416D-A2C9-CC65416DA0DF} Photo Common-->MsiExec.exe /X{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB} Photo Common-->MsiExec.exe /X{EC33D375-5164-4374-9061-43F5C6073219} Photo Common-->MsiExec.exe /X{F54030F3-14B6-432D-9361-78DCB1473920} Photo Gallery-->MsiExec.exe /X{30F99474-EBE3-4134-A02B-F6CD38CFE243} Photo Gallery-->MsiExec.exe /X{63824BC0-B747-43F3-9863-1066D64AD919} Photo Gallery-->MsiExec.exe /X{E0E0FB88-D570-463E-A98E-733B7B656867} Photo Gallery-->MsiExec.exe /X{F67CA22C-C11F-4573-8406-57F75BA06B51} Podstawowe programy Windows Live-->MsiExec.exe /I{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545} Raccolta foto-->MsiExec.exe /X{D04EBB49-C985-4A38-8695-62000861293A} Razer Cortex-->"C:\Program Files (x86)\Razer\Razer Cortex\unins000.exe" Razer Surround-->"C:\ProgramData\Razer\Synapse\ProductUpdates\Uninstallers\Razer Surround\Razer Surround_Uninstaller.exe" /S Razer Synapse-->MsiExec.exe /I{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6} Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly Rise of Nations: Extended Edition-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/287450 Sleeping Dogs™-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/202170 Sniper Elite V2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/63380 Steam-->C:\Program Files 
(x86)\Steam\uninstall.exe The Elder Scrolls V: Skyrim-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/72850 The Walking Dead: Season Two-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/261030 The Walking Dead-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/207610 Tropico 4-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/57690 Valokuvavalikoima-->MsiExec.exe /X{C32F4F5A-C9FB-427C-9F6F-9DB157611FFF} Visual Studio 2012 x64 Redistributables-->MsiExec.exe /I{8C775E70-A791-4DA8-BCC3-6AB7136F4484} Visual Studio 2012 x86 Redistributables-->MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} Windows Live Communications Platform-->MsiExec.exe /I{0454BB9A-2A7A-4214-BDFF-937F7A711A44} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF} Windows Live Essentials-->MsiExec.exe /I{49F068F2-4323-417B-AFC8-1E43F479D46C} Windows Live Essentials-->MsiExec.exe /I{690F5BA3-5DEB-42CD-962B-F687EE59FAA7} Windows Live Essentials-->MsiExec.exe /I{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C} Windows Live Essentials-->MsiExec.exe /I{715F9B21-2817-402A-9BF0-BDA764D21F09} Windows Live Essentials-->MsiExec.exe /I{857BC375-BCFB-474E-9BD9-7EBB18EC55E0} Windows Live Essentials-->MsiExec.exe /I{9B4D3AFE-8679-4704-AA4C-BAB0E41870EF} Windows Live Essentials-->MsiExec.exe /I{9C60D080-84E7-43A5-8ECA-28253D253BD7} Windows Live Essentials-->MsiExec.exe /I{A37F2060-813A-4325-9456-272B10EE75EF} Windows Live Essentials-->MsiExec.exe /I{B096A0E4-26A1-4E9F-8548-577964B9434B} Windows Live Essentials-->MsiExec.exe /I{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4} Windows Live Essentials-->MsiExec.exe /I{F1CA7DAE-F998-499C-8CA5-FC58CA2416EC} Windows Live Installer-->MsiExec.exe /I{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC} Windows Live Photo Common-->MsiExec.exe /X{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72} Windows Live PIMT Platform-->MsiExec.exe 
/I{6A8DB215-7BCD-4377-B015-2E4541A3E7C6} Windows Live SOXE Definitions-->MsiExec.exe /I{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214} Windows Live SOXE-->MsiExec.exe /I{FE7C0B3D-50B9-4951-BE78-A321CBF86552} Windows Live Temel Parçalar-->MsiExec.exe /I{5A30E103-9FA6-4A23-A107-E1F5F174BB62} Windows Live UX Platform Language Pack-->MsiExec.exe /I{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3} Windows Live UX Platform Language Pack-->MsiExec.exe /I{3C63F944-803E-49A7-B3A2-B8AB3313E883} Windows Live UX Platform Language Pack-->MsiExec.exe /I{3D4F3F4C-E364-4E46-BFB1-A00BF9777422} Windows Live UX Platform Language Pack-->MsiExec.exe /I{4AA2A466-8031-403A-8236-5301B4E391FB} Windows Live UX Platform Language Pack-->MsiExec.exe /I{537B16E0-A39F-47CB-9C1E-50978862B108} Windows Live UX Platform Language Pack-->MsiExec.exe /I{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55} Windows Live UX Platform Language Pack-->MsiExec.exe /I{88809C3E-8C92-4454-AEB7-B26166E3D6CD} Windows Live UX Platform Language Pack-->MsiExec.exe /I{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0} Windows Live UX Platform Language Pack-->MsiExec.exe /I{A3D995FA-C9A0-4E7D-B430-3F7A6731B4D5} Windows Live UX Platform Language Pack-->MsiExec.exe /I{ADE1F206-1365-4B14-9A24-4B1A7DD58BAC} Windows Live UX Platform Language Pack-->MsiExec.exe /I{B693A4C3-B708-4F25-978E-56CA2517914C} Windows Live UX Platform Language Pack-->MsiExec.exe /I{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3} Windows Live UX Platform Language Pack-->MsiExec.exe /I{BA068968-594F-40BE-8EE8-99119123C991} Windows Live UX Platform Language Pack-->MsiExec.exe /I{CE542E0D-E056-4426-9F98-084C13E18641} Windows Live UX Platform Language Pack-->MsiExec.exe /I{F09DD76B-D3D3-4558-B5BC-F1EEA6E00162} Windows Live UX Platform Language Pack-->MsiExec.exe /I{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E} Windows Live UX Platform-->MsiExec.exe /I{4CCBD1F4-CEEC-452A-9CB8-46564B501315} Windows Live-->MsiExec.exe /I{8D813AFF-D91D-4EE0-821F-B901FC2E89FA} Windows Liven peruspaketti-->MsiExec.exe 
/I{28B2947F-FC0B-4450-80E3-6DF698E824A6} Συλλογή φωτογραφιών-->MsiExec.exe /X{A19A8C25-272A-4CD6-8BA8-3772321A021B} ======Hosts File====== 127.0.0.1 localhost ::1 localhost ======System event log====== Computer Name: WIN-DQGFU3CGIIF Event Code: 109 Message: Er is een overgang naar afsluiting gestart. Record Number: 5 Source Name: Microsoft-Windows-Kernel-Power Time Written: 20130405142353.988374-000 Event Type: Informatie User: Computer Name: WIN-DQGFU3CGIIF Event Code: 4001 Message: WLAN AutoConfig-service is gestopt. Record Number: 4 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20130405142353.488335-000 Event Type: Informatie User: NT AUTHORITY\SYSTEM Computer Name: WIN-DQGFU3CGIIF Event Code: 6005 Message: De Event Log-service is gestart. Record Number: 3 Source Name: EventLog Time Written: 20151028022714.000000-000 Event Type: Informatie User: Computer Name: WIN-DQGFU3CGIIF Event Code: 6009 Message: Microsoft (R) Windows (R) 6.02. 9200 Multiprocessor Free. Record Number: 2 Source Name: EventLog Time Written: 20151028022714.000000-000 Event Type: Informatie User: Computer Name: WIN-DQGFU3CGIIF Event Code: 6011 Message: De NetBIOS-naam en de DNS-hostnaam van deze computer zijn veranderd van WIN-DQGFU3CGIIF in WIN-7KB3IQGUMMI. Record Number: 1 Source Name: EventLog Time Written: 20151028022714.000000-000 Event Type: Informatie User: =====Application event log===== Computer Name: WIN-DQGFU3CGIIF Event Code: 5615 Message: De Windows Management Instrumentation-service is gestart Record Number: 5 Source Name: Microsoft-Windows-WMI Time Written: 20151028022721.530517-000 Event Type: Informatie User: NT AUTHORITY\SYSTEM Computer Name: WIN-DQGFU3CGIIF Event Code: 0 Message: Intel(R) Dynamic Application Loader Host Interface Service started. 
Record Number: 4 Source Name: IntelDalJhi Time Written: 20151028022720.000000-000 Event Type: Informatie User: Computer Name: WIN-DQGFU3CGIIF Event Code: 0 Message: Service started Record Number: 3 Source Name: Intel(R) Capability Licensing Service Interface Time Written: 20151028022720.000000-000 Event Type: Informatie User: Computer Name: WIN-DQGFU3CGIIF Event Code: 1531 Message: De User Profile-service is gestart. Record Number: 2 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20151028022715.795868-000 Event Type: Informatie User: NT AUTHORITY\SYSTEM Computer Name: WIN-DQGFU3CGIIF Event Code: 4625 Message: Het EventSystem-subsysteem onderdrukt gedurende 86400 seconden dubbele vermeldingen in het gebeurtenislogboek. De time-out voor onderdrukking kan worden ingesteld met de REG_DWORD-waarde SuppressDuplicateDuration in de volgende registersleutel: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 1 Source Name: Microsoft-Windows-EventSystem Time Written: 20151028022715.000000-000 Event Type: Informatie User: =====Security event log===== Computer Name: WIN-DQGFU3CGIIF Event Code: 4672 Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3E7 Bevoegdheden: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 5 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20151028022701.779566-000 Event Type: Controle geslaagd User: Computer Name: WIN-DQGFU3CGIIF Event Code: 4624 Message: Er is een account aangemeld. 
Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: WIN-DQGFU3CGIIF$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3E7 Aanmeldingstype: 5 Imitatieniveau: Imitatie Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3E7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x2c4 Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: Advapi Verificatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met authenticatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. 
Record Number: 4 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20151028022701.779566-000 Event Type: Controle geslaagd User: Computer Name: WIN-DQGFU3CGIIF Event Code: 4902 Message: De tabel voor controlebeleid per gebruiker is gemaakt. Aantal elementen: 0 Beleids-id: 0x66B5F Record Number: 3 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20151028022700.888529-000 Event Type: Controle geslaagd User: Computer Name: WIN-DQGFU3CGIIF Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id: S-1-0-0 Accountnaam: - Accountdomein: - Aanmeldings-id: 0x0 Aanmeldingstype: 0 Imitatieniveau: - Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3E7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x4 Naam proces: Netwerkgegevens: Naam van werkstation: - Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: - Verificatiepakket: - Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met authenticatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. 
- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20151028022700.075197-000 Event Type: Controle geslaagd User: Computer Name: WIN-DQGFU3CGIIF Event Code: 4608 Message: Windows wordt opgestart. Deze gebeurtenis wordt in het logboek geregistreerd wanneer LSASS.EXE wordt gestart en het subsysteem voor controle wordt geïnitialiseerd. Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20151028022700.043945-000 Event Type: Controle geslaagd User: ======Environment variables====== "FP_NO_HOST_CHECK"=NO "USERNAME"=SYSTEM "Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT "ComSpec"=%SystemRoot%\system32\cmd.exe "TMP"=%SystemRoot%\TEMP "OS"=Windows_NT "windir"=%SystemRoot% "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=8 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel 
"PROCESSOR_REVISION"=3a09 -----------------EOF-----------------