info.txt logfile of random's system information tool 1.10 2014-09-09 20:11:51 ======MBR====== ======Uninstall list====== -->MsiExec /X{80407BA7-7763-4395-AB98-5233F1B34E65} 7-Zip 9.20-->"C:\Program Files (x86)\7-Zip\Uninstall.exe" Aangifte inkomstenbelasting 2012-->C:\Program Files (x86)\Belastingdienst\Aangifte inkomstenbelasting\2012\ib2012u.exe Aangifte inkomstenbelasting 2013-->C:\Program Files (x86)\Belastingdienst\Aangifte inkomstenbelasting\2013\ib2013u.exe Adobe Flash Player 12 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe -maintain plugin Adobe Reader X (10.1.9) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001} ArcSoft Panorama Maker 6-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}\Setup.exe" -l0x13 ASUS Instant Connect-->MsiExec.exe /I{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B} 
ASUS InstantOn-->MsiExec.exe /I{749F674B-2674-47E8-879C-5626A06B2A91} ASUS LifeFrame3-->MsiExec.exe /X{1DBD1F12-ED93-49C0-A7CC-56CBDE488158} ASUS Live Update-->MsiExec.exe /X{FA540E67-095C-4A1B-97BA-4D547DEC9AF4} ASUS Power4Gear Hybrid-->MsiExec.exe /I{9B6239BF-4E85-4590-8D72-51E30DB1A9AA} ASUS Product Demo Movie -->MsiExec.exe /I{DC06C90B-C5BE-42F6-B74D-A9503170998C} ASUS Smart Gesture-->MsiExec.exe /I{4D3286A6-F6AB-498A-82A4-E4F040529F3D} ASUS Splendid Video Enhancement Technology-->MsiExec.exe /X{0969AF05-4FF6-4C00-9406-43599238DE0D} ASUS Tutor-->MsiExec.exe /I{58172D66-2F69-4215-9AEC-ED8196023736} ASUS USB Charger Plus-->MsiExec.exe /X{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF} ASUS WebStorage Sync Agent-->C:\Program Files (x86)\ASUS\WebStorage Sync Agent\uninst.exe ASUSDVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall ASUSDVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall ATK Package-->MsiExec.exe /I{AB5C933E-5C7D-4D30-B314-9C83A49B94BE} BlueStacks App Player-->C:\Program Files (x86)\BlueStacks\HD-RuntimeUninstaller.exe BlueStacks Notification Center-->MsiExec.exe /X{689FD579-0642-4D3E-AB61-F63B79C5075A} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} De Sims 3™ Film Accessoires-->"C:\Program Files (x86)\InstallShield Installation Information\{D0087539-3C57-44E0-BEE7-D779D546CBE1}\Sims3SP09Setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 70s, 80s en 90s Accessoires-->"C:\Program Files (x86)\InstallShield Installation Information\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}\Sims3SP08Setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Ambities-->"C:\Program Files (x86)\InstallShield Installation Information\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}\setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Beestenbende-->"C:\Program Files 
(x86)\InstallShield Installation Information\{C12631C6-804D-4B32-B0DD-8A496462F106}\Sims3EP05Setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Bovennatuurlijk-->"C:\Program Files (x86)\InstallShield Installation Information\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}\Sims3EP07Setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Buitenleven Accessoires-->"C:\Program Files (x86)\InstallShield Installation Information\{117B6BF6-82C3-420C-B284-9247C8568E53}\setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Buurtleven Accessoires-->"C:\Program Files (x86)\InstallShield Installation Information\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}\Sims3SP04Setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Diesel Accessoires-->"C:\Program Files (x86)\InstallShield Installation Information\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}\Sims3SP07Setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Exotisch Eiland-->"C:\Program Files (x86)\InstallShield Installation Information\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}\Sims3EP10Setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Jaargetijden-->"C:\Program Files (x86)\InstallShield Installation Information\{3DE92282-CB49-434F-81BF-94E5B380E889}\Sims3EP08Setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Katy Perry Pakt uit-->"C:\Program Files (x86)\InstallShield Installation Information\{9B2506E3-9A3F-45B5-96BF-509CAD584650}\Sims3SP06Setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Levensweg-->"C:\Program Files (x86)\InstallShield Installation Information\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}\Sims3EP04Setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Luxe Accessoires-->"C:\Program Files (x86)\InstallShield Installation Information\{71828142-5A24-4BD0-97E7-976DA08CE6CF}\setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Na Middernacht-->"C:\Program Files (x86)\InstallShield Installation Information\{45057FCE-5784-48BE-8176-D9D00AF56C3C}\setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 
Showtime-->"C:\Program Files (x86)\InstallShield Installation Information\{3BBFD444-5FAB-49F6-98B1-A1954E831399}\Sims3EP06Setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Slaap- en badkamer Accessoires-->"C:\Program Files (x86)\InstallShield Installation Information\{08A25478-C5DD-4EA7-B168-3D687CA987FF}\Sims3SP05Setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Studententijd-->"C:\Program Files (x86)\InstallShield Installation Information\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}\Sims3EP09Setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Supersnelle Accessoires-->"C:\Program Files (x86)\InstallShield Installation Information\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}\setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Vooruit in de tijd-->"C:\Program Files (x86)\InstallShield Installation Information\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}\Sims3EP11Setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3 Wereldavonturen-->"C:\Program Files (x86)\InstallShield Installation Information\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}\setup.exe" -runfromtemp -l0x0013 -removeonly De Sims™ 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0013 -removeonly Epson Customer Research Participation-->MsiExec.exe /I{B26449A6-6007-4460-B4FE-C4776115BCEA} EPSON XP-302 303 305 306 Series Printer Uninstall-->C:\Windows\system32\spool\DRIVERS\x64\3\E_IINSIKE.EXE /R /APD /P:"EPSON XP-302 303 305 306 Series" Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\setup.exe" --uninstall --multi-install --chrome --system-level Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall Intel(R) SDK 
for OpenCL - CPU Only Runtime Package-->C:\Program Files (x86)\Intel\OpenCL SDK\2.0\Uninstall\setup.exe -uninstall Intel® Trusted Connect Service Client-->MsiExec.exe /I{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B} Java 7 Update 55-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217025FF} Logitech Webcam Software-->MsiExec.exe /I{987FE247-4E69-4A2E-A961-D14F901FDBF6} Malwarebytes Anti-Malware versie 2.0.2.1012-->"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe" McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe" Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)-->MsiExec.exe /I{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1} Microsoft Office-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Microsoft Works 7.0-->MsiExec.exe /I{A29D0501-02A2-48DD-BC1B-09B27406FE9B} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} Movie Maker-->MsiExec.exe /X{DC5E5027-65E8-41CB-815C-9AAB48BFB8E2} Movie Maker-->MsiExec.exe /X{DD67BE4B-7E62-4215-AFA3-F123A800A389} Mozilla Firefox 26.0 (x86 nl)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" 
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} MSVCRT110_amd64-->MsiExec.exe /I{E9FA781F-3E80-4399-825A-AD3E11C28C77} MSVCRT110-->MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA} Nikon Message Center 2-->MsiExec.exe /X{B014EE44-9197-4513-9613-71E6EB1B514E} Norton Internet Security-->"C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\21.5.0.19\InstStub.exe" /X /ARP NVIDIA GeForce Experience 2.1.1-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{8EA1BCD0-41C9-483F-BE88-D80336728B15}\NVI2.DLL",UninstallPackage Display.GFExperience NVIDIA Grafisch stuurprogramma 340.52-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{915D4BD6-9A20-4D34-AF9A-B6886F630008}\NVI2.DLL",UninstallPackage Display.Driver NVIDIA PhysX systeemsoftware 9.13.1220-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{AB65C46E-E284-44A2-A21E-9D57FD260937}\NVI2.DLL",UninstallPackage Display.PhysX NVIDIA PhysX-->MsiExec.exe /I{80407BA7-7763-4395-AB98-5233F1B34E65} Origin-->C:\Program Files (x86)\Origin\OriginUninstall.exe Photo Common-->MsiExec.exe /X{C3538BF4-735B-45F3-B09E-C541A007E4E8} Photo Gallery-->MsiExec.exe /X{07AAB66E-4718-422D-9218-4AFB3C922A71} Photo Gallery-->MsiExec.exe /X{F4DEB840-B638-4BCE-AC6B-057EF31E0012} PhotoFiltre-->"C:\Program Files (x86)\PhotoFiltre\Uninst.exe" Picture Control Utility x64-->MsiExec.exe /X{11953C65-BB4E-4CA4-B0F0-2600A4B20040} Popcorn Time-->"C:\Program Files (x86)\Popcorn Time\Uninstall.exe" PowerISO-->"C:\Program Files (x86)\PowerISO\uninstall.exe" Qualcomm Atheros Bluetooth Suite (64)-->MsiExec.exe /X{A84A4FB1-D703-48DB-89E0-68B6499D2801} Qualcomm Atheros Client Installation Program-->"C:\Program Files (x86)\InstallShield Installation 
Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -runfromtemp -l0x0409 -removeonly Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0409 -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -removeonly Revo Uninstaller 1.83-->C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x13 RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B1AD83A0-DC92-41E3-B111-E9472349768C}\Setup.exe" -l0x13 RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}\SETUP.EXE" -l0x13 Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Shared C Run-time for x64-->MsiExec.exe /I{EF79C448-6946-4D71-8134-03407888C054} System Requirements Lab CYRI-->MsiExec.exe /I{F3FCB08B-E752-444D-86A0-0634A4F3B23D} System Requirements Lab for Intel-->MsiExec.exe /I{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0} ViewNX 2-->MsiExec.exe /X{635BE602-BB9C-4C59-8CC5-93F9366E8A21} Windows Driver Package 
- ASUS (ATP) Mouse (10/29/2012 1.0.0.148)-->C:\PROGRA~1\DIFX\4A7292F75FEBBD3C\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\asustp.inf_amd64_c3d6019a30794ae9\asustp.inf Windows Live Communications Platform-->MsiExec.exe /I{41C61308-6CFD-4D54-AB6A-7136ED08A18E} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{1B905A9B-EB74-4C70-B81B-5F446C178566} Windows Live Installer-->MsiExec.exe /I{659CB81C-B54E-4DF1-B618-F35777393A54} Windows Live Photo Common-->MsiExec.exe /X{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9} Windows Live PIMT Platform-->MsiExec.exe /I{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4} Windows Live SOXE Definitions-->MsiExec.exe /I{D1893000-EA77-493C-8DDD-E262436E959B} Windows Live SOXE-->MsiExec.exe /I{CDC1AB00-01FF-4FC7-816A-16C67F0923C0} Windows Live UX Platform Language Pack-->MsiExec.exe /I{290C2B0A-CEE1-4F55-AB46-4571EC01DA96} Windows Live UX Platform-->MsiExec.exe /I{00F9DB8C-65D7-4D47-AB5F-F698EE38580D} WinFlash-->MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D} WinRAR 4.20 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe ======System event log====== Computer Name: asus Event Code: 7040 Message: Het opstarttype van de service Symantec Real Time Storage Protection x64 is gewijzigd van starten op aanvraag in starten met systeem. Record Number: 14822 Source Name: Service Control Manager Time Written: 20140113175817.398660-000 Event Type: Informatie User: NT AUTHORITY\SYSTEM Computer Name: asus Event Code: 104 Message: Logboekbestand Windows PowerShell is gewist. Record Number: 14821 Source Name: Microsoft-Windows-Eventlog Time Written: 20140113174917.240939-000 Event Type: Informatie User: asus\gebruiker Computer Name: asus Event Code: 104 Message: Logboekbestand Key Management Service is gewist. 
Record Number: 14820 Source Name: Microsoft-Windows-Eventlog Time Written: 20140113174917.147183-000 Event Type: Informatie User: asus\gebruiker Computer Name: asus Event Code: 104 Message: Logboekbestand Internet Explorer is gewist. Record Number: 14819 Source Name: Microsoft-Windows-Eventlog Time Written: 20140113174917.084679-000 Event Type: Informatie User: asus\gebruiker Computer Name: asus Event Code: 104 Message: Logboekbestand System is gewist. Record Number: 14818 Source Name: Microsoft-Windows-Eventlog Time Written: 20140113174916.944049-000 Event Type: Informatie User: asus\gebruiker =====Application event log===== Computer Name: asus Event Code: 3 Message: Record Number: 12210 Source Name: NvStreamSvc Time Written: 20140113182839.000000-000 Event Type: Informatie User: Computer Name: asus Event Code: 3 Message: Record Number: 12209 Source Name: NvStreamSvc Time Written: 20140113182838.000000-000 Event Type: Informatie User: Computer Name: asus Event Code: 3 Message: Record Number: 12208 Source Name: NvStreamSvc Time Written: 20140113182833.000000-000 Event Type: Informatie User: Computer Name: asus Event Code: 258 Message: De opslagoptimalisatie heeft analyseren op OS (C:) voltooid Record Number: 12207 Source Name: Microsoft-Windows-Defrag Time Written: 20140113181340.000000-000 Event Type: Informatie User: Computer Name: asus Event Code: 258 Message: De opslagoptimalisatie heeft opstarten optimaliseren op OS (C:) voltooid Record Number: 12206 Source Name: Microsoft-Windows-Defrag Time Written: 20140113180915.000000-000 Event Type: Informatie User: =====Security event log===== Computer Name: asus Event Code: 4672 Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding. 
Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3E7 Bevoegdheden: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 28209 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140113181331.378979-000 Event Type: Controle geslaagd User: Computer Name: asus Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: ASUS$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3E7 Aanmeldingstype: 5 Imitatieniveau: Imitatie Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3E7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x348 Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: Advapi Verificatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. 
De velden met authenticatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 28208 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140113181331.378979-000 Event Type: Controle geslaagd User: Computer Name: asus Event Code: 4672 Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3E7 Bevoegdheden: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 28207 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140113180121.939687-000 Event Type: Controle geslaagd User: Computer Name: asus Event Code: 4624 Message: Er is een account aangemeld. 
Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: ASUS$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3E7 Aanmeldingstype: 5 Imitatieniveau: Imitatie Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3E7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x348 Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: Advapi Verificatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met authenticatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. 
Record Number: 28206 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140113180121.939687-000 Event Type: Controle geslaagd User: Computer Name: asus Event Code: 1102 Message: Het controlelogboek is gewist. Onderwerp: Beveiligings-id: S-1-5-21-2035609657-2241805967-4120172649-1002 Accountnaam: gebruiker Domeinnaam: asus Aanmeldings-id: 0x1AE36 Record Number: 28205 Source Name: Microsoft-Windows-Eventlog Time Written: 20140113174916.756537-000 Event Type: Controle geslaagd User: ======Environment variables====== "FP_NO_HOST_CHECK"=NO "USERNAME"=SYSTEM "Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared "ComSpec"=%SystemRoot%\system32\cmd.exe "TMP"=%SystemRoot%\TEMP "OS"=Windows_NT "windir"=%SystemRoot% "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=8 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel "PROCESSOR_REVISION"=3a09 "configsetroot"=%SystemRoot%\ConfigSetRoot -----------------EOF-----------------