info.txt logfile of random's system information tool 1.10 2016-08-29 09:25:44

======MBR======

======Uninstall list======

-->"C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\Uninstall.exe"
Adobe Acrobat Reader DC - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-AC0F074E4100}
Adobe Flash Player 22 NPAPI-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_Plugin.exe -maintain plugin
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824191728}
Apple Application Support (32-bit)-->MsiExec.exe /I{D4B07658-F443-4445-A261-E643996E139D}
Apple Application Support (64-bit)-->MsiExec.exe /I{A6B0442B-E159-444B-B49D-6B9AC531EAE3}
Apple Mobile Device Support-->MsiExec.exe /I{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}
Apple Software Update-->MsiExec.exe /I{56EC47AA-5813-4FF6-8E75-544026FBEA83}
ASUS InstantOn-->MsiExec.exe /I{749F674B-2674-47E8-879C-5626A06B2A91}
ASUS LifeFrame3-->MsiExec.exe /X{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Live Update-->MsiExec.exe /X{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}
ASUS Screen Saver-->MsiExec.exe /I{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}
ASUS Smart Gesture-->MsiExec.exe /I{4D3286A6-F6AB-498A-82A4-E4F040529F3D}
ASUS Splendid Video Enhancement Technology-->MsiExec.exe /X{0969AF05-4FF6-4C00-9406-43599238DE0D}
ASUS USB Charger Plus-->MsiExec.exe /X{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}
ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
ASUS WebStorage Sync Agent-->C:\Program Files (x86)\ASUS\WebStorage Sync Agent\uninst.exe
ASUSDVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
ASUSDVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
AsusVibe2.0-->C:\Program Files (x86)\Asus\AsusVibe\unins000.exe
ATK Package-->MsiExec.exe /I{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}
Audacity 2.0.5-->"C:\Program Files (x86)\Audacity\unins000.exe"
Azteca-->"C:\Program Files (x86)\WildGames\Azteca\uninstall\uninstaller.exe"
Bejeweled 3-->"C:\Program Files (x86)\WildGames\Bejeweled 3\uninstall\uninstaller.exe"
Belgium e-ID middleware 4.1.7 (build 1666)-->MsiExec.exe /I{DB942AEA-93D6-4FE4-8862-180D35A71666}
Bonjour-->MsiExec.exe /X{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
ConTEXT v0.98.6-->"C:\Program Files (x86)\ConTEXT\unins000.exe"
Cut the Rope-->"C:\Program Files (x86)\WildGames\Cut the Rope\uninstall\uninstaller.exe"
CyberLink LabelPrint 2.5-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
CyberLink LabelPrint 2.5-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Dacia Media Nav Toolbox-->"C:\Program Files (x86)\Dacia Media Nav\Toolbox\uninst.exe"
Dropbox Update Helper-->MsiExec.exe /I{099218A5-A723-43DC-8DB5-6173656A1E94}
Dropbox-->"C:\Program Files (x86)\Dropbox\Client\DropboxUninstaller.exe" /InstallType:MACHINE
FileASSASSIN-->C:\Program Files (x86)\FileASSASSIN\uninst.exe
FileZilla Client 3.8.0-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
Fotogalerie-->MsiExec.exe /X{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}
Galerie de photos-->MsiExec.exe /X{446CC8CE-0E90-44F7-ADD0-774B243EF090}
GIMP 2.8.10-->"C:\Program Files\GIMP 2\uninst\unins000.exe"
GNU Solfege 3.22.2-->"C:\Program Files (x86)\GNU Solfege\unins000.exe"
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Earth-->MsiExec.exe /I{817750FA-EC6A-485D-9901-0683AE6FFDF1}
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HD Tune 2.55-->"C:\Program Files (x86)\HD Tune\unins000.exe"
iCloud-->MsiExec.exe /I{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Processor Graphics-->"C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe" -uninstall
Intel(R) SDK for OpenCL - CPU Only Runtime Package-->C:\Program Files (x86)\Intel\OpenCL SDK\2.0\Uninstall\setup.exe -uninstall
Intel® Trusted Connect Service Client-->MsiExec.exe /I{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}
Interlinear Scripture Analyzer 2 basic-->C:\PROGRA~3\INSTAL~1\{C8F75~1\Setup.exe /remove /q0
iTunes-->MsiExec.exe /I{955524E7-79EB-4CA9-BA4D-FD2DF587651B}
Java 8 Update 101-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180101F0}
Maxx Audio Installer (x64)-->MsiExec.exe /X{307032B2-6AF2-46D7-B933-62438DEB2B9A}
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Microsoft Office 365 - nl-nl-->"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=O365HomePremRetail.16_nl-nl_x-none culture=nl-nl
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
MiniTool Partition Recovery 5.0-->"C:\Program Files (x86)\MiniTool Partition Recovery 5.0\unins000.exe"
MiniTool Power Data Recovery Free Edition 7.0-->"C:\Program Files\PowerDataRecovery\unins000.exe"
Movie Maker-->MsiExec.exe /X{03CC9D58-B132-4CC0-A521-4F3660AA43C7}
Movie Maker-->MsiExec.exe /X{701FE1BC-834A-4857-AF62-6EBA50CFBC78}
Movie Maker-->MsiExec.exe /X{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}
Movie Maker-->MsiExec.exe /X{A17946CA-18E5-4CF0-8D55-A56D804718F8}
Movie Maker-->MsiExec.exe /X{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}
Movie Maker-->MsiExec.exe /X{ED6C77F9-4D7E-447C-9EC0-9A212D075535}
MozBackup 1.5.1-->C:\Program Files (x86)\MozBackup\Uninstall.exe
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Mozilla Thunderbird 45.2.0 (x86 nl)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSVCRT110_amd64-->MsiExec.exe /I{E9FA781F-3E80-4399-825A-AD3E11C28C77}
MSVCRT110-->MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
Musicnotes Player V1.32.2 and Viewer V1.19.0-->"C:\Program Files (x86)\Musicnotes\unins000.exe"
MyBitCast 2.0-->C:\Program Files (x86)\ASUS\MyBitCast\uninst.exe
Naviextras Toolbox Prerequesities-->MsiExec.exe /I{537575D6-3B96-474C-BD8F-DFF667363DBD}
Office 16 Click-to-Run Extensibility Component-->MsiExec.exe /X{90160000-008C-0000-0000-0000000FF1CE}
Office 16 Click-to-Run Licensing Component-->MsiExec.exe /I{90160000-008F-0000-1000-0000000FF1CE}
Office 16 Click-to-Run Localization Component-->MsiExec.exe /X{90160000-008C-0413-0000-0000000FF1CE}
OpenOffice 4.1.2-->MsiExec.exe /I{41E7B095-1618-49CF-972F-72B5D5235423}
Peggle-->"C:\Program Files (x86)\WildGames\Peggle\uninstall\uninstaller.exe"
Penguins!-->"C:\Program Files (x86)\WildGames\Penguins!\uninstall\uninstaller.exe"
Photo Common-->MsiExec.exe /X{49110532-D289-4BFF-807C-45B782E66A7C}
Photo Common-->MsiExec.exe /X{4AF53C99-315D-4536-873F-029D2D274AE2}
Photo Common-->MsiExec.exe /X{743FD554-A73F-4FE8-BE7B-C283D16297F9}
Photo Common-->MsiExec.exe /X{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}
Photo Common-->MsiExec.exe /X{F54030F3-14B6-432D-9361-78DCB1473920}
Photo Gallery-->MsiExec.exe /X{30F99474-EBE3-4134-A02B-F6CD38CFE243}
Photo Gallery-->MsiExec.exe /X{63824BC0-B747-43F3-9863-1066D64AD919}
Photo Gallery-->MsiExec.exe /X{F67CA22C-C11F-4573-8406-57F75BA06B51}
Qualcomm Atheros Client Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -runfromtemp -l0x0409 -removeonly
QuickTime 7-->MsiExec.exe /I{627FFC10-CE0A-497F-BA2B-208CAC638010}
Raccolta foto-->MsiExec.exe /X{D04EBB49-C985-4A38-8695-62000861293A}
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0409 -removeonly
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Realtek PCIE Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\setup.exe" -runfromtemp -removeonly
SceneSwitch-->MsiExec.exe /I{5172E572-C175-4F80-A6D5-5CB45826AD61}
Shared C Run-time for x64-->MsiExec.exe /I{EF79C448-6946-4D71-8134-03407888C054}
Skype Meetings App-->MsiExec.exe /X{540491EE-36D1-448A-AB79-2A75B3D0FFA3}
Skype™ 7.26-->MsiExec.exe /X{FC965A47-4839-40CA-B618-18F486F042C6}
SpeedFan (remove only)-->"C:\Program Files (x86)\SpeedFan\uninstall.exe"
Stuurprogrammapakket voor Windows - Fedict SmartCard (08/08/2015 4.1.5)-->rundll32.exe C:\PROGRA~1\DIFX\4CBAA6~1\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\System32\DriverStore\FileRepository\beidmdrv.inf_amd64_434c3be66d9de384\beidmdrv.inf
SubMagic V0.71-->"C:\Program Files (x86)\SubMagic\unins000.exe"
Tales of Lagoona-->"C:\Program Files (x86)\WildGames\Tales of Lagoona\uninstall\uninstaller.exe"
TomTom MyDrive Connect 4.1.1.2797-->C:\Program Files (x86)\MyDrive Connect\Uninstall TomTom MyDrive Connect.exe
TSP_CODEC-->C:\Program Files (x86)\Bytescribe\TSP_CODEC\Uninst.exe /pid:{A90C03D6-08E1-4C59-B93B-6919A6C0AC19} /asd
Unlocker 1.9.2-->C:\Program Files\Unlocker\uninst.exe
Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"
Visual Studio 2012 x64 Redistributables-->MsiExec.exe /I{8C775E70-A791-4DA8-BCC3-6AB7136F4484}
Visual Studio 2012 x86 Redistributables-->MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
Visual Studio C++ 10.0 Runtime-->MsiExec.exe /I{4412F224-3849-4461-A3E9-DEEF8D252790}
WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\asus\Uninstall.exe"
WildTangent Games-->"C:\Program Files (x86)\WildGames\Uninstall.exe"
Windows Driver Package - ASUS (ATP) Mouse (09/17/2013 1.0.0.186)-->C:\PROGRA~1\DIFX\8E39A5~1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\asustp.inf_amd64_3f867334812e6a2c\asustp.inf
Windows Live Communications Platform-->MsiExec.exe /I{0454BB9A-2A7A-4214-BDFF-937F7A711A44}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}
Windows Live Essentials-->MsiExec.exe /I{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}
Windows Live Essentials-->MsiExec.exe /I{B096A0E4-26A1-4E9F-8548-577964B9434B}
Windows Live Essentials-->MsiExec.exe /I{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}
Windows Live Installer-->MsiExec.exe /I{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}
Windows Live Photo Common-->MsiExec.exe /X{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}
Windows Live PIMT Platform-->MsiExec.exe /I{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}
Windows Live SOXE Definitions-->MsiExec.exe /I{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}
Windows Live SOXE-->MsiExec.exe /I{FE7C0B3D-50B9-4951-BE78-A321CBF86552}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{4AA2A466-8031-403A-8236-5301B4E391FB}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{CE542E0D-E056-4426-9F98-084C13E18641}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}
Windows Live UX Platform-->MsiExec.exe /I{4CCBD1F4-CEEC-452A-9CB8-46564B501315}
Windows Live-->MsiExec.exe /I{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}
Windows-stuurprogrammapakket - ASUS (ATP) Mouse (11/11/2015 1.0.0.262)-->C:\PROGRA~1\DIFX\00492DD9759FFDE0\dpinst.exe /u C:\WINDOWS\System32\DriverStore\FileRepository\asustp.inf_amd64_36f3ebba989df59b\asustp.inf
WinFlash-->MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D}
Wise Care 365 4.24-->"C:\Program Files (x86)\Wise\Wise Care 365\unins000.exe"
Wise Force Deleter 1.23-->"C:\Program Files (x86)\Wise\Wise Force Deleter\unins000.exe"
XAMPP-->C:\xampp\uninstall.exe

======Hosts File======

0.0.0.1 mssplus.mcafee.com

======System event log======

Computer Name: Gideon
Event Code: 10010
Message: De server {784E29F4-5EBE-4279-9948-1E8FE941646D} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
Record Number: 24237
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20160418150125.586413-000
Event Type: Fout
User: NT AUTHORITY\SYSTEM

Computer Name: Gideon
Event Code: 16
Message: De toegangsgeschiedenis in component \??\C:\Users\Marco\AppData\Local\Packages\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Settings\settings.dat is gewist, waarbij 3 sleutels zijn bijgewerkt en 1 gewijzigde pagina's zijn gemaakt.
Record Number: 24236
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20160418150055.682288-000
Event Type: Informatie
User: GIDEON\Marco

Computer Name: Gideon
Event Code: 16
Message: De toegangsgeschiedenis in component \??\C:\Users\Marco\AppData\Local\Packages\microsoft.commsphone_8wekyb3d8bbwe\Settings\settings.dat is gewist, waarbij 6 sleutels zijn bijgewerkt en 1 gewijzigde pagina's zijn gemaakt.
Record Number: 24235
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20160418145950.572985-000
Event Type: Informatie
User: GIDEON\Marco

Computer Name: Gideon
Event Code: 10010
Message: De server {784E29F4-5EBE-4279-9948-1E8FE941646D} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
Record Number: 24234
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20160418145924.333944-000
Event Type: Fout
User: NT AUTHORITY\SYSTEM

Computer Name: Gideon
Event Code: 16
Message: De toegangsgeschiedenis in component \??\C:\Users\Marco\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat is gewist, waarbij 3 sleutels zijn bijgewerkt en 1 gewijzigde pagina's zijn gemaakt.
Record Number: 24233
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20160418145848.857738-000
Event Type: Informatie
User: GIDEON\Marco

=====Application event log=====

Computer Name: Gideon
Event Code: 1016
Message: Het aankoopbewijs is geïnstalleerd. ACID=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8 PKeyId=aae1191f-7f47-05b8-8319-664b3ee8c42e
Record Number: 5
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20151208030645.607617-000
Event Type: Informatie
User:

Computer Name: Gideon
Event Code: 4097
Message: De automatische update van het basiscertificaat (onderwerp: ) is voltooid. Sha1-vingerafdruk: <97817950D81C9670CC34D809CF794431367EF474>.
Record Number: 4
Source Name: Microsoft-Windows-CAPI2
Time Written: 20151208030537.215041-000
Event Type: Informatie
User:

Computer Name: Gideon
Event Code: 5615
Message: De Windows Management Instrumentation-service is gestart
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20151208030528.622119-000
Event Type: Informatie
User: NT AUTHORITY\SYSTEM

Computer Name: Gideon
Event Code: 1531
Message: De User Profile-service is gestart.
Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20151208030521.675426-000
Event Type: Informatie
User: NT AUTHORITY\SYSTEM

Computer Name: GIDEON
Event Code: 4625
Message: Het EventSystem-subsysteem onderdrukt gedurende 86400 seconden dubbele vermeldingen in het gebeurtenislogboek. De time-out voor onderdrukking kan worden ingesteld met de REG_DWORD-waarde SuppressDuplicateDuration in de volgende registersleutel: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20151208030520.448554-000
Event Type: Informatie
User:

=====Security event log=====

Computer Name: Gideon
Event Code: 4648
Message: Poging tot aanmelden met expliciete referenties. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: GIDEON$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3E7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Account waarvan de referenties zijn gebruikt: Accountnaam: marco@gideoninternational.nl Accountdomein: MicrosoftAccount Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Doelserver: Naam van doelserver: localhost Aanvullende gegevens: localhost Procesgegevens: Proces-id: 0x378 Procesnaam: C:\Windows\System32\svchost.exe Netwerkgegevens: Netwerkadres: 127.0.0.1 Poort: 0 Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als.
Record Number: 6180
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160123171539.504995-000
Event Type: Controle geslaagd
User:

Computer Name: Gideon
Event Code: 4738
Message: Er is een gebruikersaccount gewijzigd. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: GIDEON$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3E7 Doelaccount: Beveiligings-id: S-1-5-21-3000434625-2727981046-3562732110-1001 Accountnaam: Marco Accountdomein: Gideon Gewijzigde kenmerken: SAM-accountnaam: - Weergavenaam: Marco Sanders Principal-naam van gebruiker: - Basismap: - Basisstation: - Pad naar script: - Pad naar profiel: - Gebruikerswerkstations: - Wachtwoord voor het laatst ingesteld: - Account verloopt op: - Primaire groeps-id: - Mag overdragen aan: - Oude UAC-waarde: - Nieuwe UAC-waarde: - Gebruikersaccountbeheer: - Gebruikersparameters: - SID-geschiedenis: - Aantal uren aangemeld: - Aanvullende gegevens: Bevoegdheden: -
Record Number: 6179
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160123171539.492190-000
Event Type: Controle geslaagd
User:

Computer Name: Gideon
Event Code: 4672
Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3E7 Bevoegdheden: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Record Number: 6178
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160123171530.243805-000
Event Type: Controle geslaagd
User:

Computer Name: Gideon
Event Code: 4624
Message: Er is een account aangemeld. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: GIDEON$ Accountdomein: WORKGROUP Aanmeldings-id: : 0x3E7 Aanmeldingsgegevens: Aanmeldingstype 5 Beperkte beheermodus: - Virtueel account: Nee Verhoogd token: Ja Imitatieniveau: Imitatie Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3E7 Gekoppelde aanmeldings-id: 0x0 Netwerkaccountnaam: - Netwerkaccountdomein: - Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x2fc Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde authenticatiegegevens: Aanmeldingsproces: Advapi Authenticatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
Record Number: 6177
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160123171530.243768-000
Event Type: Controle geslaagd
User:

Computer Name: Gideon
Event Code: 4799
Message: Een lokaal groepslidmaatschap met beveiliging is opgesomd. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: GIDEON$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3E7 Groep: Beveiligings-id: S-1-5-32-544 Groepsnaam: Administrators Groepsdomein: Builtin Procesgegevens: Proces-id: 0x378 Procesnaam: C:\Windows\System32\svchost.exe
Record Number: 6176
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160123171522.118508-000
Event Type: Controle geslaagd
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=3a09
"FP_NO_HOST_CHECK"=NO
"Path"=C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Skype\Phone\
"configsetroot"=%SystemRoot%\ConfigSetRoot
"asl.log"=Destination=file
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------