info.txt logfile of random's system information tool 1.10 2015-11-20 01:39:16 ======MBR====== ======Uninstall list====== -->MsiExec /X{8B922CF8-8A6C-41CE-A858-F1755D7F5D29} 3TB+Unlock B11.0919.1-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17630FD1-B14A-4CA5-A627-B6B5F7DD41CF}\setup.exe" -l0x9 -removeonly Adobe Acrobat Reader DC - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-AC0F074E4100} Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{77D28FF5-242F-488A-8215-937D6A4D69E0} Adobe Flash Player 19 NPAPI-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_Plugin.exe -maintain plugin Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824161310} AMD Accelerated Video Transcoding-->MsiExec.exe /X{034B6AC8-DCF6-585B-2AFD-3FF0D4A559BB} AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441} AMD Catalyst Install Manager-->msiexec /q/x{37FCE154-7F59-74F0-3A35-BF503CEB230B} REBOOT=ReallySuppress AMD Drag and Drop Transcoding-->MsiExec.exe /X{999DB5B3-EE44-8837-2B51-4AF44CD1FD22} AMD Media Foundation Decoders-->MsiExec.exe /X{30921AC4-6875-F7DF-B48B-2BB68C000BB6} AVG PC TuneUp-->C:\Program Files (x86)\AVG\AVG PC TuneUp\..\Setup\avgsetupx.exe /mode=offline /uninstall=tu Avira Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE Avira Launcher-->"C:\ProgramData\Package Cache\{59c4462d-a177-4d44-a95b-deda1be79844}\Avira.OE.Setup.Bundle.exe" /uninstall Avira Launcher-->MsiExec.exe /I{18BD67B4-2BB3-4D1B-A33A-1B57A3BB7A1C} Battle.net-->"C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang= --uid=battle.net --displayname="Battle.net" Catalyst Control Center - Branding-->MsiExec.exe /I{88B2ABCF-9C00-47C1-8FC4-369B98845DD7} CCleaner-->"C:\Program 
Files\CCleaner\uninst.exe" Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9} Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE} Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640} Conceptronic 300N Wireless Adapter (v3.0)-->C:\Program Files (x86)\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}\setup.exe -runfromtemp -l0x0009 -removeonly Curse-->MsiExec.exe /X{39258ACA-B9D9-418C-ACE2-D874436BD88D} DAEMON Tools Lite-->D:\DAEMON Tools Lite\uninst.exe Defraggler-->"C:\Program Files\Defraggler\uninst.exe" Diablo III-->"C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enGB --uid=diablo3_engb --displayname="Diablo III" DMIView Ver.1.5 B12.0314.1-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}\setup.exe" -l0x9 -removeonly Dolby Axon - 1.5.1.1-->"D:\Dolby Axon\DolbyAxon\unins000.exe" Face_Wizard B12.0531.01-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E76FCE6B-9999-4250-8C75-B2DA4AD41268}\setup.exe" -l0x9 -removeonly FMW 1-->MsiExec.exe /I{BCA7CC8C-745B-4340-B3A8-BC79A8498107} Gaming Mouse Editor-->"C:\ProgramData\Microsoft\Windows\Templates\OEM\GamingMouseEditor\Setup.exe" uninstall Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\setup.exe" --uninstall --multi-install --chrome --system-level Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} Hearthstone-->"C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enGB --uid=hs_beta --displayname="Hearthstone" Heroes of the Storm-->"C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enUS --uid=heroes --displayname="Heroes of the Storm" Hi-Rez Studios Authenticate and 
Update Service-->"C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" uninstall=all inSSIDer 3-->MsiExec.exe /X{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768} Java 8 Update 31-->MsiExec.exe /I{26A24AE4-039D-4CA4-87B4-2F83218031F0} KMSpico 8.8.2-->"D:\KMSpico\unins000.exe" League of Legends-->msiexec.exe /x {79BF4901-1EC4-4726-B3C2-A7859706C6E7} League of Legends-->MsiExec.exe /X{79BF4901-1EC4-4726-B3C2-A7859706C6E7} LibreOffice 4.0.1.2-->MsiExec.exe /I{604B2A5C-B1CE-45B2-ADCC-6B7C721AC3AC} Malwarebytes Anti-Malware versie 2.2.0.1024-->"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe" Microsoft .NET Framework 4.5.1 (Nederlands)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\NLD\\Setup.exe /repair /x86 /x64 /lcid 1043 Microsoft .NET Framework 4.5.1 (NLD)-->MsiExec.exe /X{9EBB0AF2-4AD2-3ABA-95EF-977EBEA1CB09} Microsoft .NET Framework 4.5.2-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\\Setup.exe /repair /x86 /x64 Microsoft .NET Framework 4.5.2-->MsiExec.exe /X{26784146-6E05-3FF9-9335-786C7C0FB5BE} Microsoft Security Client-->MsiExec.exe /X{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6} Microsoft Security Essentials-->"C:\Program Files\Microsoft Security Client\Setup.exe" /x Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc} Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6} Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030-->"C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe" /uninstall Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030-->"C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /uninstall Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030-->MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00} Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030-->MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9} Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501-->"C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /uninstall Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501-->"C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /uninstall Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942} Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe 
/X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} Mozilla Firefox 28.0 (x86 nl)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" NirSoft BlueScreenView-->"C:\Program Files (x86)\NirSoft\BlueScreenView\uninst.exe" NVIDIA PhysX-->MsiExec.exe /I{8B922CF8-8A6C-41CE-A858-F1755D7F5D29} OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U Paladins-->"C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" uninstall=402 paw·ned² v1.3-->C:\Program Files (x86)\pawned2\uninst.exe Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.Exe -runfromtemp -removeonly Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709 Security Update for Microsoft .NET Framework 4.5.2 (KB3074230)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {73E43C35-D717-337B-9F50-66F5623A8E1C} Security Update for Microsoft .NET Framework 4.5.2 (KB3074550)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {F403E543-04A6-3024-BE38-189172855D13} Security Update for Microsoft .NET Framework 4.5.2 (KB3097996)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {CE42A318-3E62-3F40-B52A-9CE658805801} Security Update for Microsoft .NET Framework 4.5.2 (KB3098781)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {CF7790C7-662A-3829-B49E-61578D4D9838} Sitecom WiFi USB Adapter AC580-->"C:\Program Files (x86)\InstallShield Installation Information\{EB7E62BE-B5E7-4D4A-A69C-CE78CCF4B8FF}\setup.exe" -runfromtemp -l0x0413 -removeonly Skype™ 7.13-->MsiExec.exe 
/X{6A0549A9-1B96-498C-ACBC-3943001FEB19} Smite-->"C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" uninstall=17 Speccy-->"C:\Program Files\Speccy\uninst.exe" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} System Requirements Lab Detection-->MsiExec.exe /X{1710305A-A84D-436A-AF92-B404DDBA26F0} Update Manager B12.0418.1-->"C:\Program Files (x86)\InstallShield Installation Information\{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}\setup.exe" -runfromtemp -l0x0409 -removeonly VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F} Ventrilo Client for Windows x64-->MsiExec.exe /X{EEB3F6BB-318D-4CE5-989F-8191FCBFB578} Visual Studio 2012 x64 Redistributables-->MsiExec.exe /I{8C775E70-A791-4DA8-BCC3-6AB7136F4484} Visual Studio 2012 x86 Redistributables-->MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} VLC media player 2.0.6-->D:\VLC\uninstall.exe Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe" Windows Phone app for desktop-->MsiExec.exe /X{54EC61F0-6D02-450E-9F1B-9506EAE9F23C} WinRAR 4.20 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe ======System event log====== Computer Name: Gigabyte Event Code: 2010 Message: Microsoft Antimalware heeft de dynamische handtekeningenservice gebruikt om extra handtekeningen op te halen voor de bescherming van uw computer. 
Huidige handtekeningversie: 1.199.1258.0 Type handtekening: Antivirus Huidige engineversie: 1.1.11701.0 Type dynamische handtekening: Handtekeningupdate Persistentiepad: c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\RtSigs\data\a2ec9c877fbc69f19c599a5c9f98bf44f10df1ab Versie dynamische handtekening: 0.0.0.0 Tijdstempel compilatie dynamische handtekening: ‎1-‎1-‎1601 0:02:23 Type persistentielimiet: Duur Persistentielimiet: 216000000 Record Number: 222695 Source Name: Microsoft Antimalware Time Written: 20150530124634.000000-000 Event Type: Informatie User: Computer Name: Gigabyte Event Code: 2010 Message: Microsoft Antimalware heeft de dynamische handtekeningenservice gebruikt om extra handtekeningen op te halen voor de bescherming van uw computer. Huidige handtekeningversie: 1.199.1258.0 Type handtekening: Antivirus Huidige engineversie: 1.1.11701.0 Type dynamische handtekening: Handtekeningupdate Persistentiepad: c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\RtSigs\data\3608f95286f5323caf5fbcd1fce4e2e800dfe0bc Versie dynamische handtekening: 0.0.0.0 Tijdstempel compilatie dynamische handtekening: ‎1-‎1-‎1601 0:02:23 Type persistentielimiet: Duur Persistentielimiet: 216000000 Record Number: 222694 Source Name: Microsoft Antimalware Time Written: 20150530124634.000000-000 Event Type: Informatie User: Computer Name: Gigabyte Event Code: 2010 Message: Microsoft Antimalware heeft de dynamische handtekeningenservice gebruikt om extra handtekeningen op te halen voor de bescherming van uw computer. 
Huidige handtekeningversie: 1.199.1258.0 Type handtekening: Antivirus Huidige engineversie: 1.1.11701.0 Type dynamische handtekening: Handtekeningupdate Persistentiepad: c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\RtSigs\data\f6795e7d578dedf361004c0511d622143da5e1ea Versie dynamische handtekening: 0.0.0.0 Tijdstempel compilatie dynamische handtekening: ‎1-‎1-‎1601 0:02:23 Type persistentielimiet: Duur Persistentielimiet: 216000000 Record Number: 222693 Source Name: Microsoft Antimalware Time Written: 20150530124634.000000-000 Event Type: Informatie User: Computer Name: Gigabyte Event Code: 2010 Message: Microsoft Antimalware heeft de dynamische handtekeningenservice gebruikt om extra handtekeningen op te halen voor de bescherming van uw computer. Huidige handtekeningversie: 1.199.1258.0 Type handtekening: Antivirus Huidige engineversie: 1.1.11701.0 Type dynamische handtekening: Handtekeningupdate Persistentiepad: c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\RtSigs\data\b97a4a2b4d6656135e98ff965db8865e042c5bfb Versie dynamische handtekening: 0.0.0.0 Tijdstempel compilatie dynamische handtekening: ‎1-‎1-‎1601 0:02:23 Type persistentielimiet: Duur Persistentielimiet: 216000000 Record Number: 222692 Source Name: Microsoft Antimalware Time Written: 20150530124633.000000-000 Event Type: Informatie User: Computer Name: Gigabyte Event Code: 2010 Message: Microsoft Antimalware heeft de dynamische handtekeningenservice gebruikt om extra handtekeningen op te halen voor de bescherming van uw computer. 
Huidige handtekeningversie: 1.199.1258.0 Type handtekening: Antivirus Huidige engineversie: 1.1.11701.0 Type dynamische handtekening: Handtekeningupdate Persistentiepad: c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\RtSigs\data\e53016fef4a597c0106dbecaf9853d9b81fe05c1 Versie dynamische handtekening: 0.0.0.0 Tijdstempel compilatie dynamische handtekening: ‎1-‎1-‎1601 0:02:23 Type persistentielimiet: Duur Persistentielimiet: 216000000 Record Number: 222691 Source Name: Microsoft Antimalware Time Written: 20150530124633.000000-000 Event Type: Informatie User: =====Application event log===== Computer Name: Gigabyte Event Code: 5615 Message: De Windows Management Instrumentation-service is gestart Record Number: 28560 Source Name: Microsoft-Windows-WMI Time Written: 20140428133231.000000-000 Event Type: Informatie User: Computer Name: Gigabyte Event Code: 100 Message: Service started. Record Number: 28559 Source Name: SkypeUpdate Time Written: 20140428133229.000000-000 Event Type: Informatie User: Computer Name: Gigabyte Event Code: 6000 Message: De kennisgevingssubscriber van winlogon was niet beschikbaar om een kennisgevingsgebeurtenis te verwerken. Record Number: 28558 Source Name: Microsoft-Windows-Winlogon Time Written: 20140428133221.000000-000 Event Type: Informatie User: Computer Name: Gigabyte Event Code: 4101 Message: De licentie van Windows is gevalideerd. Record Number: 28557 Source Name: Microsoft-Windows-Winlogon Time Written: 20140428133221.000000-000 Event Type: Informatie User: Computer Name: Gigabyte Event Code: 0 Message: Record Number: 28556 Source Name: AdobeARMservice Time Written: 20140428133218.000000-000 Event Type: Informatie User: =====Security event log===== Computer Name: Gigabyte Event Code: 4905 Message: Er is geprobeerd de registratie van de bron van een beveiligingsgebeurtenis op te heffen. 
Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: GIGABYTE$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Proces: Proces-id: 0x1064 Procesnaam: C:\Windows\System32\VSSVC.exe Gebeurtenisbron: Bronnaam: VSSAudit Gebeurtenisbron-id: 0x12267d38 Record Number: 55050 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140919013922.263563-000 Event Type: Controle geslaagd User: Computer Name: Gigabyte Event Code: 4904 Message: Er is geprobeerd de bron van een beveiligingsgebeurtenis te registreren. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: GIGABYTE$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Proces: Proces-id: 0x1064 Procesnaam: C:\Windows\System32\VSSVC.exe Gebeurtenisbron: Bronnaam: VSSAudit Gebeurtenisbron-id: 0x12267d38 Record Number: 55049 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140919013922.263563-000 Event Type: Controle geslaagd User: Computer Name: Gigabyte Event Code: 4672 Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Bevoegdheden: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 55048 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140919013909.433829-000 Event Type: Controle geslaagd User: Computer Name: Gigabyte Event Code: 4624 Message: Er is een account aangemeld. 
Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: GIGABYTE$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Aanmeldingstype: 5 Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x220 Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: Advapi Verificatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. 
Record Number: 55047 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140919013909.433829-000 Event Type: Controle geslaagd User: Computer Name: Gigabyte Event Code: 4672 Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Bevoegdheden: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 55046 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140919013909.335823-000 Event Type: Controle geslaagd User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=21 "PROCESSOR_IDENTIFIER"=AMD64 Family 21 Model 1 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=0102 "AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\ -----------------EOF-----------------