info.txt logfile of random's system information tool 1.10 2016-04-16 21:37:04

======MBR======

0x33C08ED0BC007CFB5007501FFCBE1B7CBF1B065057B9E501F3A4CBBDBE07B104386E007C09751383C510E2F4CD188BF583C610497419382C74F6A0B507B4078BF0AC3C0074FCBB0700B40ECD10EBF2884E10E84600732AFE4610807E040B740B807E040C7405A0B60775D2804602068346080683560A00E821007305A0B607EBBC813EFE7D55AA740B807E100074C8A0B707EBA98BFC1E578BF5CBBF05008A5600B408CD1372238AC1243F988ADE8AFC43F7E38BD186D6B106D2EE42F7E239560A77237205394608731CB80102BB007C8B4E028B5600CD1373514F744E32E48A5600CD13EBE48A560060BBAA55B441CD13723681FB55AA7530F6C101742B61606A006A00FF760AFF76086A0068007C6A016A10B4428BF4CD136161730E4F740B32E48A5600CD13EBD661F9C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000083706F00008001010007FEFFFF3F000000602E0E0F00FEFFFF07FEFFFFAB370E0FD60D0E0E000000000000000000000000000000000000000000000000000000000000000055AA

======Uninstall list======

Adobe Acrobat Reader DC - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-AC0F074E4100}
Adobe Flash Player 21 NPAPI-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_Plugin.exe -maintain plugin
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824166751}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
AnyDVD-->"C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files (x86)\SlySoft\AnyDVD"
AVG 2016-->MsiExec.exe /I{ACC5B116-C09D-429E-9ACF-768FA52DC072}
AVG Protection-->C:\Program Files (x86)\AVG\Setup\avgsetupx.exe /mode=offline /uninstall=av
AVG-->MsiExec.exe /I{8719FCC9-FE23-4CFC-B2D7-9929B799B4B5}
aXmag ePublisher3-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{62695CFD-A6B7-426C-98B7-B102A2F278DF}\Setup.exe" 
Belgium e-ID middleware 4.0.7 (build 7466)-->MsiExec.exe /I{824563DE-75AD-4166-9DC0-B6482F207466}
Box Sync-->MsiExec.exe /X{D368743E-19BC-4455-92AE-322D50412286}
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MOV Decoder-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Canon MOV Decoder150\CanonMOVDecoderUnInstall.ini"
Canon MOV Encoder-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Canon MOV Encoder\CanonMOVEncoderUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon MP Navigator EX 1.0-->"C:\Program Files (x86)\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP610 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series /L0x0013
Canon PowerShot Utilities PhotoStitch 3.1-->C:\Windows\IsUninst.exe -f"C:\Program Files\PowerShot\PhotoStitch\Uninst.isu"
Canon Utilities CameraWindow DC 8-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\CameraWindow\CameraWindowDC8\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe Uninst.ini uinstrsc.dll
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll
Canon Utilities MyCamera-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX MCU\Uninst.ini"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CloneCD-->"C:\Program Files (x86)\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files (x86)\SlySoft\CloneCD"
CloneDVD2-->"C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files (x86)\Elaborate Bytes\CloneDVD2"
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Directory Printer 3.6-->"C:\Program Files (x86)\Dirprint\unins000.exe"
DYMO Label v.8-->C:\Program Files (x86)\DYMO\DYMO Label Software\Uninstall DYMO Label.exe
erLT-->MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564}
FMW 1-->MsiExec.exe /I{396FF2B1-6FD6-4BA4-AA6D-3C909E8D12FF}
FormatFactory 3.6.0.0-->C:\Program Files (x86)\FreeTime\FormatFactory\uninst.exe
Foxit Reader-->C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Earth Plug-in-->MsiExec.exe /X{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HD Tune 2.55-->"C:\Program Files (x86)\HD Tune\unins000.exe"
Java 8 Update 71 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86418071F0}
Logitech Harmony Remote Software-->C:\Program Files (x86)\InstallShield Installation Information\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}\setup.exe -runfromtemp -l0x0009 -removeonly
Logitech SetPoint 6.67-->C:\Program Files\Common Files\LogiShrd\sp6_Uninstall\setup.exe
Microsoft .NET Framework 4.5.2-->MsiExec.exe /X{26784146-6E05-3FF9-9335-786C7C0FB5BE}
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64)-->MsiExec.exe /I{25E80DAA-FD87-DCE5-202C-CC02F6673002}
Microsoft Office Professional Plus 2016 - nl-nl-->"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=ProplusRetail.16_nl-nl_x-none culture=nl-nl
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030-->"C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"  /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030-->"C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"  /uninstall
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030-->MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030-->MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005-->"C:\ProgramData\Package Cache\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}\vcredist_x64.exe"  /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005-->"C:\ProgramData\Package Cache\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}\vcredist_x86.exe"  /uninstall
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)-->C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)-->MsiExec.exe /X{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}
Mozilla Firefox 45.0.2 (x86 nl)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSXML 4.0 SP3 Parser (KB2721691)-->MsiExec.exe /I{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}
MSXML 4.0 SP3 Parser (KB2758694)-->MsiExec.exe /I{1D95BA90-F4F8-47EC-A882-441C99D30C1E}
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
NEC Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}\setup.exe" -runfromtemp -l0x0413  -removeonly
NEC Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /I{D7BF9739-8A68-4335-BBEE-37752AD9E86B}
Netop Remote Control Guest-->MsiExec.exe /I{00000038-E5E0-11DF-9952-0417A1A01290}
Netop Remote Control Host-->MsiExec.exe /I{00000048-E8E0-11DE-9950-0417A1A01290}
NiceLabel 5-->"C:\ProgramData\{D7BDD92E-2857-43B3-95FD-9912B5C1BF88}\NiceLabel 5.exe" REMOVE=TRUE MODIFY=FALSE
NiceLabel 5-->C:\ProgramData\{D7BDD92E-2857-43B3-95FD-9912B5C1BF88}\NiceLabel 5.exe
Office 16 Click-to-Run Extensibility Component-->MsiExec.exe /X{90160000-008C-0000-1000-0000000FF1CE}
Office 16 Click-to-Run Licensing Component-->MsiExec.exe /I{90160000-007E-0000-1000-0000000FF1CE}
Office 16 Click-to-Run Localization Component-->MsiExec.exe /X{90160000-008C-0413-1000-0000000FF1CE}
POP Peeper-->C:\Program Files (x86)\POP Peeper\Uninstall.exe
PrimoPDF -- brought to you by Nitro PDF Software-->"C:\Program Files (x86)\Nitro PDF\PrimoPDF\uninstaller.exe"
Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x0013 -removeonly
Samsung Magician-->"C:\Program Files (x86)\Samsung\Samsung Magician\unins000.exe"
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files (x86)\Samsung\USB Drivers\Uninstall.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Snagit 11-->MsiExec.exe /I{5EAF9FAA-C4B6-4741-81B4-74CD81759EAA}
SoundMAX-->C:\Program Files (x86)\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0013 -removeonly
Stuurprogrammapakket voor Windows - Fedict SmartCard  (04/30/2014 4.0.7.5)-->rundll32.exe C:\PROGRA~1\DIFX\4CBAA6~1\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\beidmdrv.inf_amd64_neutral_b172380893e35a4e\beidmdrv.inf
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD-->C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD\install.exe
Taalpakket voor Visual Studio Tools for Office 3.0 Runtime - NLD-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - NLD\install.exe
TeamViewer 11-->C:\Program Files (x86)\TeamViewer\uninstall.exe
TextPad 4.7-->MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
ThumbHTML 2.9.1, Build 360-->"C:\Program Files (x86)\ThumbHTML\unins000.exe"
tools-freebsd-->MsiExec.exe /X{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}
tools-linux-->MsiExec.exe /X{D102611A-6466-4101-A51D-51069303AC65}
tools-netware-->MsiExec.exe /X{197597A7-AD33-4898-9D8E-73066818B464}
tools-solaris-->MsiExec.exe /X{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}
tools-windows-->MsiExec.exe /X{FFD9383C-01D5-4897-A954-43AF599AED30}
tools-winPre2k-->MsiExec.exe /X{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}
Total Commander 64-bit (Remove or Repair)-->C:\Program Files\WINCMD\tcunin64.exe
Total Commander 64-bit (Remove or Repair)-->C:\Program Files\WINCMD\tcunin64.exe
TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
UltraISO Premium V8.6-->"C:\Program Files (x86)\UltraISO\unins000.exe"
VASCO Card Reader Plug-In (64-Bit)-->MsiExec.exe /X{47659F12-27AE-6400-9B8A-2BD803020302}
Visual C++ 8.0 Runtime Setup Package (x64)-->MsiExec.exe /I{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}
Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}
Visual Studio 2010 x64 Redistributables-->MsiExec.exe /I{21B133D6-5979-47F0-BE1C-F6A6B304693F}
Visual Studio 2012 x64 Redistributables-->MsiExec.exe /I{8C775E70-A791-4DA8-BCC3-6AB7136F4484}
Visual Studio 2012 x86 Redistributables-->MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)-->C:\Windows\SysWOW64\msiexec.exe /package {8FB53850-246A-3507-8ADE-0060093FFEA6} /uninstall {1AF8622B-42B6-472C-A634-487025BD7B38} /qb+ REBOOTPROMPT=""
Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
VLC media player 2.1.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VMware Workstation-->"C:\ProgramData\VMware\VMware Workstation\Uninstaller\\uninstall.exe" -x -S "C:\ProgramData\VMware\VMware Workstation\Uninstaller\"
VMware Workstation-->MsiExec.exe /I{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}
Windows Desktop Gadgets-->"C:\WINDOWS\Installer\Desktop Gadgets\unins000.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinToUSB version 2.7-->"C:\Program Files\WinToUSB\unins000.exe"
Xara Designer Pro X11-->"C:\Program Files (x86)\Common Files\Xara Services\Uninstall\{B8B90DDD-85BD-4910-BA97-4ABBF1FC1674}\Xara_Designer_Pro_X11_x64_en-GB_setup.exe"
Xara Designer Pro X11-->MsiExec.exe /I{B8B90DDD-85BD-4910-BA97-4ABBF1FC1674}

======System event log======

Computer Name: GK001
Event Code: 25
Message: Het opstartmenubeleid was 0x1.
Record Number: 5
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20160206153947.603265-000
Event Type: Informatie
User: NT AUTHORITY\SYSTEM

Computer Name: GK001
Event Code: 27
Message: Het opstarttype was 0x0.
Record Number: 4
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20160206153947.603264-000
Event Type: Informatie
User: NT AUTHORITY\SYSTEM

Computer Name: GK001
Event Code: 6005
Message: De Event Log-service is gestart.
Record Number: 3
Source Name: EventLog
Time Written: 20160206154046.157755-000
Event Type: Informatie
User: 

Computer Name: GK001
Event Code: 6009
Message: Microsoft (R) Windows (R) 10.00. 10586  Multiprocessor Free.
Record Number: 2
Source Name: EventLog
Time Written: 20160206154046.157755-000
Event Type: Informatie
User: 

Computer Name: GK001
Event Code: 12
Message: Het besturingssysteem is gestart op systeemtijd ‎2016‎-‎02‎-‎06T15:39:47.491185300Z.
Record Number: 1
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20160206153947.603131-000
Event Type: Informatie
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: GK001
Event Code: 4097
Message: De automatische update van het basiscertificaat (onderwerp: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE>) is voltooid. Sha1-vingerafdruk: <B1BC968BD4F49D622AA89A81F2150152A41D829C>.
Record Number: 5
Source Name: Microsoft-Windows-CAPI2
Time Written: 20160206154102.392153-000
Event Type: Informatie
User: 

Computer Name: GK001
Event Code: 4097
Message: De automatische update van het basiscertificaat (onderwerp: <CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>) is voltooid. Sha1-vingerafdruk: <97817950D81C9670CC34D809CF794431367EF474>.
Record Number: 4
Source Name: Microsoft-Windows-CAPI2
Time Written: 20160206154101.642153-000
Event Type: Informatie
User: 

Computer Name: GK001
Event Code: 5615
Message: De Windows Management Instrumentation-service is gestart
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20160206154053.430920-000
Event Type: Informatie
User: NT AUTHORITY\SYSTEM

Computer Name: GK001
Event Code: 1531
Message: De User Profile-service is gestart.  


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20160206154046.781990-000
Event Type: Informatie
User: NT AUTHORITY\SYSTEM

Computer Name: GK001
Event Code: 4625
Message: Het EventSystem-subsysteem onderdrukt gedurende 86400 seconden dubbele vermeldingen in het gebeurtenislogboek. De time-out voor onderdrukking kan worden ingesteld met de REG_DWORD-waarde SuppressDuplicateDuration in de volgende registersleutel: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20160206154046.360881-000
Event Type: Informatie
User: 

=====Security event log=====

Computer Name: GK001
Event Code: 4624
Message: Er is een account aangemeld.

Onderwerp:
	Beveiligings-id:		S-1-5-18
	Accountnaam:		GK001$
	Accountdomein:		WORKGROUP
	Aanmeldings-id: :		0x3E7

Aanmeldingsgegevens:
	Aanmeldingstype
2
	Beperkte beheermodus:	-
	Virtueel account:		Nee
	Verhoogd token:		Ja

Imitatieniveau:			Imitatie

Nieuwe aanmelding:
	Beveiligings-id:		S-1-5-21-2666530191-2620505276-436360047-1000
	Accountnaam:		GK5
	Accountdomein:		GK001
	Aanmeldings-id:		0x6F029A
	Gekoppelde aanmeldings-id:		0x6F02B9
	Netwerkaccountnaam:	-
	Netwerkaccountdomein:	-
	Aanmeldings-GUID:		{00000000-0000-0000-0000-000000000000}

Procesgegevens:
	Proces-id:			0x59c
	Naam proces:		C:\Windows\System32\svchost.exe

Netwerkgegevens:
	Naam van werkstation:	GK001
	Netwerkadres van bron:	127.0.0.1
	Poort van bron:		0

Gedetailleerde authenticatiegegevens:
	Aanmeldingsproces:		User32 
	Authenticatiepakket:	Negotiate
	Doorgezette services:	-
	Pakketnaam (alleen NTLM):	-
	Sleutellengte:		0

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
Record Number: 5028
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160212112934.632657-000
Event Type: Controle geslaagd
User: 

Computer Name: GK001
Event Code: 4648
Message: Poging tot aanmelden met expliciete referenties.

Onderwerp:
	Beveiligings-id:		S-1-5-18
	Accountnaam:		GK001$
	Accountdomein:		WORKGROUP
	Aanmeldings-id:		0x3E7
	Aanmeldings-GUID:		{00000000-0000-0000-0000-000000000000}

Account waarvan de referenties zijn gebruikt:
	Accountnaam:		GK5
	Accountdomein:		GK001
	Aanmeldings-GUID:		{00000000-0000-0000-0000-000000000000}

Doelserver:
	Naam van doelserver:	localhost
	Aanvullende gegevens:	localhost

Procesgegevens:
	Proces-id:		0x59c
	Procesnaam:		C:\Windows\System32\svchost.exe

Netwerkgegevens:
	Netwerkadres:	127.0.0.1
	Poort:			0

Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als.
Record Number: 5027
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160212112934.632618-000
Event Type: Controle geslaagd
User: 

Computer Name: GK001
Event Code: 4634
Message: Er is een account afgemeld.

Onderwerp:
	Beveiligings-id:		S-1-5-7
	Accountnaam:		ANONIEME LOGON
	Accountdomein:		NT AUTHORITY
	Aanmeldings-id:		0x6EDB1C

Aanmeldingstype:			3

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt vernietigd. De gebeurtenis kan met behulp van de aanmeldings-id positief worden afgestemd met een aanmeldingsgebeurtenis. Aanmeldings-id's zijn alleen uniek wanneer de computer opnieuw is opgestart.
Record Number: 5026
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160212112921.354667-000
Event Type: Controle geslaagd
User: 

Computer Name: GK001
Event Code: 4624
Message: Er is een account aangemeld.

Onderwerp:
	Beveiligings-id:		S-1-0-0
	Accountnaam:		-
	Accountdomein:		-
	Aanmeldings-id: :		0x0

Aanmeldingsgegevens:
	Aanmeldingstype
3
	Beperkte beheermodus:	-
	Virtueel account:		Nee
	Verhoogd token:		Nee

Imitatieniveau:			Imitatie

Nieuwe aanmelding:
	Beveiligings-id:		S-1-5-7
	Accountnaam:		ANONIEME LOGON
	Accountdomein:		NT AUTHORITY
	Aanmeldings-id:		0x6EDB1C
	Gekoppelde aanmeldings-id:		0x0
	Netwerkaccountnaam:	-
	Netwerkaccountdomein:	-
	Aanmeldings-GUID:		{00000000-0000-0000-0000-000000000000}

Procesgegevens:
	Proces-id:			0x0
	Naam proces:		-

Netwerkgegevens:
	Naam van werkstation:	GK002
	Netwerkadres van bron:	192.168.0.12
	Poort van bron:		50603

Gedetailleerde authenticatiegegevens:
	Aanmeldingsproces:		NtLmSsp 
	Authenticatiepakket:	NTLM
	Doorgezette services:	-
	Pakketnaam (alleen NTLM):	NTLM V1
	Sleutellengte:		128

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
Record Number: 5025
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160212112921.354113-000
Event Type: Controle geslaagd
User: 

Computer Name: GK001
Event Code: 4624
Message: Er is een account aangemeld.

Onderwerp:
	Beveiligings-id:		S-1-0-0
	Accountnaam:		-
	Accountdomein:		-
	Aanmeldings-id: :		0x0

Aanmeldingsgegevens:
	Aanmeldingstype
3
	Beperkte beheermodus:	-
	Virtueel account:		Nee
	Verhoogd token:		Nee

Imitatieniveau:			Imitatie

Nieuwe aanmelding:
	Beveiligings-id:		S-1-5-7
	Accountnaam:		ANONIEME LOGON
	Accountdomein:		NT AUTHORITY
	Aanmeldings-id:		0x6ED9EE
	Gekoppelde aanmeldings-id:		0x0
	Netwerkaccountnaam:	-
	Netwerkaccountdomein:	-
	Aanmeldings-GUID:		{00000000-0000-0000-0000-000000000000}

Procesgegevens:
	Proces-id:			0x0
	Naam proces:		-

Netwerkgegevens:
	Naam van werkstation:	GK002
	Netwerkadres van bron:	192.168.0.12
	Poort van bron:		50602

Gedetailleerde authenticatiegegevens:
	Aanmeldingsproces:		NtLmSsp 
	Authenticatiepakket:	NTLM
	Doorgezette services:	-
	Pakketnaam (alleen NTLM):	NTLM V1
	Sleutellengte:		128

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
Record Number: 5024
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160212112921.335031-000
Event Type: Controle geslaagd
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"FP_NO_HOST_CHECK"=NO
"Path"=C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------