info.txt logfile of random's system information tool 1.10 2014-10-26 11:22:17 ======MBR====== 0xEB0E0300040032020000000000004E50FA33C0BC00668ED05007501FFBFCBE09008914BF0008BE007CB90001F3A550BF340857CBBB0006BE02080FB60CB80102BA8000CD13BA0500BF0006B90002E82401B90500BB0012BE000603F1E8FF00EB0AB301BEA712881CE98900E82D003C0174EFE852003C0174E8BA0400BF000AB9A708E8F000E83505E98801BE05080A048804B101BB0008E8B900C3BE0006E81700BE2306803C00740C3C007408B002E8D9FFB001C3B000C3B900024E32C08BD98A1032C2E2F8C3B9050051B80002F7E10500088BF0E8E0FF5E560FB68C0506E30438C1750659E2E2B000C359B001E89AFFB001C3BE07080FB60CB80102BB007CBA8000CD13BE007CE8ADFFBE06080FB60CE31C38C17418B004E86FFFBEAF07E88C02BEA712803C017403E80A01CD18BEBE09BFBE7DB92000F3A5BA0400BF007CB9BE01E82F00BE09008B1433C050BF007C57CB32EDB80103BA8000CD13C3514E0FB60CE308B80102BA8000CD1381EB000259E2EAC3525751B800BBCD1A722B6683F800752581F902017C1F6681FB54435041751633C08EC06633F6B807BB6633C96633D2595F5ACD1AC3595F5AC30000656D000000637B9ACD166F0E00008020210007591ABF0008000000E02E0000591BBF07FEFFFF00E82E0000E0C33700FEFFFF07FEFFFF00C8F237009045020000000000000000000000000000000055AA ======Uninstall list====== PowerDVD Create 10-->"C:\Program Files (x86)\InstallShield Installation Information\{D6E853EC-8960-4D44-AF03-7361BB93227C}\Setup.exe" /z-uninstall -->"C:\Program Files (x86)\InstallShield Installation Information\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe" /z-uninstall -->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall -->"C:\Program Files (x86)\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall -->"C:\Program Files (x86)\InstallShield Installation Information\{D6E853EC-8960-4D44-AF03-7361BB93227C}\Setup.exe" /z-uninstall -->"C:\Program Files (x86)\InstallShield Installation Information\{DE485075-8CD3-4A1E-9ABC-6412EBA44872}\setup.exe" /z-uninstall Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{77D28FF5-242F-488A-8215-937D6A4D69E0} Adobe Flash Player 15 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe -maintain activex Adobe Reader X (10.1.12) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001} Advanced-System Protector-->"C:\Program Files (x86)\ASP\unins000.exe" AutoCAD 2012 - English SP2-->Msiexec.exe /uninstall {9A077AE3-D1FE-4E79-8DFC-1E134760858E} /package {5783F2D7-A001-0409-0102-0060B0CE6BBA} /qb AutoCAD 2012 - English-->C:\Program Files\Autodesk\AutoCAD 2012 - English\Setup\Setup.exe /P {5783F2D7-A001-0409-0102-0060B0CE6BBA} /M ACAD /language en-US AutoCAD 2012 - English-->C:\Program Files\Autodesk\AutoCAD 2012 - English\Setup\Setup.exe /P {5783F2D7-A001-0409-0102-0060B0CE6BBA} /M ACAD /language en-US Autodesk Content Service-->MsiExec.exe /X{086F9A69-CD39-4893-A9FB-D3A0634CE3F7} Autodesk Inventor Fusion 2012 Language Pack-->MsiExec.exe /X{FFF7F80F-929E-497F-A112-B070DE816128} Autodesk Inventor Fusion 2012 SP2-->Msiexec.exe /uninstall {EE81A5A5-1C06-0000-0002-58351F538891} /package {FFF5619F-6669-4EC5-A85E-9994F70A9E5D} /qb Autodesk Inventor Fusion 2012-->C:\Program Files\Autodesk\Inventor Fusion 2012\Setup\Setup.exe /P {FFF5619F-6669-4EC5-A85E-9994F70A9E5D} /M INVENTORFUSION /LANG en-US Autodesk Inventor Fusion 2012-->MsiExec.exe /X{FFF5619F-6669-4EC5-A85E-9994F70A9E5D} Autodesk Inventor Fusion plug-in for AutoCAD 2012-->C:\Program Files\Autodesk\ApplicationPlugins\FusionPlugin.bundle\Contents\Setup\Setup.exe /P {EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC} /M ACFUSION /LANG en-US Autodesk Inventor Fusion plug-in for AutoCAD 2012-->MsiExec.exe /I{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC} Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012-->MsiExec.exe /I{E552C39C-C70E-464F-9733-8311331BDD90} Autodesk Material Library 2012-->MsiExec.exe /I{8F0837C2-EE09-4903-88F3-1976FE7FFF4E} Autodesk Material Library Base Resolution Image Library 2012-->MsiExec.exe /I{65420DC9-306E-4371-905F-F4DC3B418E52} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Create Recovery Media-->MsiExec.exe /X{50DC5136-21E8-48BC-97E5-1AD055F6B0B6} CyberLink Power2Go 7-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall CyberLink PowerProducer 5.5-->"C:\Program Files (x86)\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall DJ Intro version 1.2.0-->"C:\Program Files (x86)\Serato\DJ Intro\unins000.exe" FARO LS 1.1.406.58-->MsiExec.exe /I{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C} File Association Helper-->MsiExec.exe /X{C168639F-5810-4EC8-B1E8-0251AA8A771C} Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\setup.exe" --uninstall --multi-install --chrome --system-level Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall Intel(R) Network Connections Drivers-->Prounstl.exe Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall Intel(R) Rapid Storage Technology-->C:\ProgramData\Intel\Package Cache\{409CB30E-E457-4008-9B1A-ED1B9EA21140}\Setup.exe -uninstall Intel(R) Rapid Storage Technology-->MsiExec.exe /I{5EB368A4-562A-41B6-A5B3-06054A27F5A6} Intel(R) SDK for OpenCL - CPU Only Runtime Package-->C:\Program Files (x86)\Intel\OpenCL SDK\3.0\Uninstall\setup.exe -uninstall Intel(R) Update Manager-->MsiExec.exe /I{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4} Intel(R) USB 3.0 eXtensible Host Controller Driver-->C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall Intel(R) WiDi-->MsiExec.exe /X{62E7C369-64FF-452C-8F46-6BE9B77FF097} Intel® PROSet/Wireless Software-->"C:\ProgramData\Package Cache\{fad118b4-798f-4755-9e67-a622eec95b62}\Setup.exe" /uninstall Intel® PROSet/Wireless WiFi Software-->MsiExec.exe /I{DEF50764-F1A7-4DD4-B8BA-C81A4807631A} Intel® Trusted Connect Service Client-->MsiExec.exe /I{44B72151-611E-429D-9765-9BA093D7E48A} LBAI-->"C:\Program Files (x86)\Lenovo\LBAI\unins000.exe" Lenovo Patch Utility 64 bit-->MsiExec.exe /X{ABE4638D-D208-4061-9F26-E3E11E3A1E0C} Lenovo Registration-->MsiExec.exe /X{6707C034-ED6B-4B6A-B21F-969B3606FBDE} Lenovo SHAREit-->"C:\Program Files (x86)\Lenovo\SHAREit\unins000.exe" Lenovo Solution Center-->MsiExec.exe /X{13BD494D-9ACD-420B-A291-E145DED92EF6} Lenovo System Update-->MsiExec.exe /X{25C64847-B900-48AD-A164-1B4F9B774650} Lenovo User Guide-->MsiExec.exe /X{13F59938-C595-479C-B479-F171AB9AF64F} Lenovo Welcome-->MsiExec.exe /X{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E} Lexmark S300-S400 Series-->C:\Program Files\Lexmark S300-S400 Series\Install\x64\instgui.exe /u Message Center Plus-->MsiExec.exe /X{AD130AB4-E88C-48F4-8353-B7395A4A82D1} Metric Collection SDK 35-->MsiExec.exe /X{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196} Metric Collection SDK-->MsiExec.exe /X{DDAA788F-52E6-44EA-ADB8-92837B11BF26} Microsoft .NET Framework 4.5.1 (Nederlands)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\NLD\\Setup.exe /repair /x86 /x64 /lcid 1043 Microsoft .NET Framework 4.5.1 (NLD)-->MsiExec.exe /X{9EBB0AF2-4AD2-3ABA-95EF-977EBEA1CB09} Microsoft .NET Framework 4.5.1-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\\Setup.exe /repair /x86 /x64 Microsoft .NET Framework 4.5.1-->MsiExec.exe /X{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} Microsoft Office Professional Plus 2013 - nl-nl-->"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" scenario=install baseurl="C:\Program Files\Microsoft Office 15" platform=x86 version=15.0.4659.1001 culture=nl-nl productstoremove=ProPlusRetail_nl-nl_x-none Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Nitro Pro 8-->MsiExec.exe /X{07E55FB8-966C-4FA5-815D-D1F5AC8B1D87} Norton Internet Security-->"C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\21.6.0.32\InstStub.exe" /X /ARP Office 15 Click-to-Run Extensibility Component-->MsiExec.exe /X{90150000-008C-0000-0000-0000000FF1CE} Office 15 Click-to-Run Licensing Component-->MsiExec.exe /I{90150000-008F-0000-1000-0000000FF1CE} Office 15 Click-to-Run Localization Component-->MsiExec.exe /X{90150000-008C-0413-0000-0000000FF1CE} Power Manager-->"C:\Program Files (x86)\Lenovo\PowerMgr\unins000.exe" PowerDVD Create-->"C:\Program Files (x86)\InstallShield Installation Information\{DE485075-8CD3-4A1E-9ABC-6412EBA44872}\setup.exe" /z-uninstall Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {F7CBA1C7-E5B5-39E9-9631-459E1FE08C45} Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {BD0F9F7E-62B2-3971-9E2E-B87B832CE89D} Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {513BC47F-0560-33C2-A029-C5387642233A} Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {599EC629-2679-30CE-B28B-7432EF5FC126} Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {59923C0F-51CB-3F2C-8465-E69019472533} Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {47FA5DCB-D13C-331E-BC32-65E53BDD949C} Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {48006B2D-366F-3386-92C7-785D3A523042} SpyHunter-->MsiExec.exe /X{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05} SugarSync Manager-->C:\Program Files (x86)\SugarSync\uninstall.exe sweet-page uninstall-->C:\Users\Karl\AppData\Roaming\sweet-page\UninstallManager.exe -ptid=cor ThinkVantage Communications Utility-->"C:\Program Files\Lenovo\Communications Utility\unins000.exe" Tuneup Pro-->"C:\Program Files (x86)\Tuneup Pro\unins000.exe" /silent View Management Utility-->"C:\Program Files\Lenovo\View Management Utility\unins000.exe" WaveEditor-->"C:\Program Files (x86)\InstallShield Installation Information\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe" /z-uninstall Windows Driver Package - Intel (e1dexpress) Net (02/26/2013 12.6.47.0)-->C:\PROGRA~1\DIFX\8730326CFC0D32D8\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\e1d62x64.inf_amd64_neutral_ff11ed38c81f8014\e1d62x64.inf Windows Driver Package - Intel Corporation (igfx) Display (06/24/2013 9.18.10.3220)-->C:\PROGRA~1\DIFX\8730326CFC0D32D8\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\kit54396.inf_amd64_neutral_8233e534ff54a888\kit54396.inf Windows Driver Package - Intel System (02/25/2013 9.4.0.1017)-->C:\PROGRA~1\DIFX\8730326CFC0D32D8\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\haswell.inf_amd64_neutral_1dc73fa0fbfffbdb\haswell.inf Windows Driver Package - Intel System (02/25/2013 9.4.0.1017)-->C:\PROGRA~1\DIFX\8730326CFC0D32D8\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\lxptcore.inf_amd64_neutral_513a957c36f5e600\lxptcore.inf Windows Driver Package - Intel System (02/25/2013 9.4.0.1017)-->C:\PROGRA~1\DIFX\8730326CFC0D32D8\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\lxptsmb.inf_amd64_neutral_71d6f67e09383c9e\lxptsmb.inf Windows Driver Package - Intel USB (02/25/2013 9.4.0.1017)-->C:\PROGRA~1\DIFX\8730326CFC0D32D8\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\lxptusb.inf_amd64_neutral_917a5726857a25a6\lxptusb.inf Windows Driver Package - Intel(R) Corporation (IntcDAud) MEDIA (05/22/2013 6.16.00.3112)-->C:\PROGRA~1\DIFX\8730326CFC0D32D8\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_neutral_fb3ac73b73ee0bef\intcdaud.inf Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (02/19/2013 6.0.1.6844)-->C:\PROGRA~1\DIFX\8730326CFC0D32D8\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_d51daa08acfd6c29\hdxrt.inf WindowsMangerProtect20.0.0.1013-->C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -uninstall WinZip 18.5-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3} ======System event log====== Computer Name: Karl-THINK Event Code: 7036 Message: De Windows Presentation Foundation Font Cache 3.0.0.0-service heeft nu de status wordt uitgevoerd. Record Number: 2171 Source Name: Service Control Manager Time Written: 20140306171832.613681-000 Event Type: Informatie User: Computer Name: Karl-THINK Event Code: 20003 Message: Het toevoegen van service tunnel voor apparaat-id ROOT\*ISATAP\0003 is voltooid door Stuurprogrammabeheer met de volgende status: 0. Record Number: 2170 Source Name: Microsoft-Windows-UserPnp Time Written: 20140306171831.443678-000 Event Type: Informatie User: NT AUTHORITY\SYSTEM Computer Name: Karl-THINK Event Code: 7036 Message: De Computer Browser-service heeft nu de status gestopt. Record Number: 2169 Source Name: Service Control Manager Time Written: 20140306171809.088839-000 Event Type: Informatie User: Computer Name: Karl-THINK Event Code: 104 Message: Logboekbestand setup is gewist. Record Number: 2168 Source Name: Microsoft-Windows-Eventlog Time Written: 20140306171810.524042-000 Event Type: Informatie User: Karl-THINK\Karl Computer Name: Karl-THINK Event Code: 104 Message: Logboekbestand System is gewist. Record Number: 2167 Source Name: Microsoft-Windows-Eventlog Time Written: 20140306171810.461642-000 Event Type: Informatie User: Karl-THINK\Karl =====Application event log===== Computer Name: Karl-THINK Event Code: 0 Message: Service started successfully. Record Number: 926 Source Name: IAStorDataMgrSvc Time Written: 20140306172000.000000-000 Event Type: Informatie User: Computer Name: Karl-THINK Event Code: 0 Message: Record Number: 925 Source Name: Bluetooth OBEX Service Time Written: 20140306171959.000000-000 Event Type: Informatie User: Computer Name: Karl-THINK Event Code: 0 Message: Record Number: 924 Source Name: Bluetooth Media Service Time Written: 20140306171959.000000-000 Event Type: Informatie User: Computer Name: Karl-THINK Event Code: 0 Message: Record Number: 923 Source Name: Bluetooth Device Monitor Time Written: 20140306171958.000000-000 Event Type: Informatie User: Computer Name: Karl-THINK Event Code: 4112 Message: Geslaagde automatische update van niet-toegestane certificatenlijst met ingangsdatum: donderdag 5 december 2013 21:13:54. Record Number: 922 Source Name: Microsoft-Windows-CAPI2 Time Written: 20140306171821.459661-000 Event Type: Informatie User: =====Security event log===== Computer Name: Karl-THINK Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: KARL-THINK$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Aanmeldingstype: 5 Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x2a4 Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: Advapi Verificatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 20180 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140306172023.296099-000 Event Type: Controle geslaagd User: Computer Name: Karl-THINK Event Code: 6406 Message: Norton Internet Security is geregistreerd bij Windows Firewall om het filter te beheren voor BootTimeRuleCategory, StealthRuleCategory, FirewallRuleCategory. Record Number: 20179 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140306172015.808086-000 Event Type: Controle geslaagd User: Computer Name: Karl-THINK Event Code: 4672 Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Bevoegdheden: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 20178 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140306172014.872084-000 Event Type: Controle geslaagd User: Computer Name: Karl-THINK Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: KARL-THINK$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Aanmeldingstype: 5 Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x2a4 Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: Advapi Verificatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 20177 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20140306172014.872084-000 Event Type: Controle geslaagd User: Computer Name: Karl-THINK Event Code: 1102 Message: Het controlelogboek is gewist. Onderwerp: Beveiligings-id: S-1-5-21-127626438-780029098-1568441356-1000 Accountnaam: Karl Domeinnaam: Karl-THINK Aanmeldings-id: 0x2fa4b Record Number: 20176 Source Name: Microsoft-Windows-Eventlog Time Written: 20140306171810.492842-000 Event Type: Controle geslaagd User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\SWTOOLS\ReadyApps;C:\Program Files (x86)\Common Files\Lenovo;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 60 Stepping 3, GenuineIntel "PROCESSOR_REVISION"=3c03 "windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log "windows_tracing_flags"=3 "configsetroot"=%SystemRoot%\ConfigSetRoot "PowerMgrPath"=C:\Program Files (x86)\Lenovo\PowerMgr "COMMPath"=C:\Program Files\Lenovo\Communications Utility "READYAPPS"=C:\SWTOOLS\ReadyApps "TVTCOMMON"=C:\Program Files (x86)\Common Files\Lenovo "SWSHARE"=C:\SWSHARE "TVT"=C:\Program Files (x86)\Lenovo "easyplussdk"="C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin" "CM2012DIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\ "ILBDIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\ -----------------EOF-----------------