info.txt logfile of random's system information tool 1.10 2015-02-22 10:14:45

======MBR======

======Uninstall list======

Adobe Flash Player 16 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe -maintain activex
Adobe Reader 9.5.0 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A95000000001}
Catalyst Control Center - Branding-->MsiExec.exe /I{8064A378-46F4-4A4E-8AF5-153D0D4018DD}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
High-Definition Video Playback-->MsiExec.exe /X{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}
Java 8 Update 31-->MsiExec.exe /I{26A24AE4-039D-4CA4-87B4-2F83218031F0}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
McAfee Internet Security-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall
McAfee SiteAdvisor-->C:\Program Files (x86)\McAfee\SiteAdvisor\Uninstall.exe
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{2C303EE0-A595-3543-A71A-931C7AC40EDE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MyTomTom 3.1.0.530-->C:\Program Files (x86)\MyTomTom 3\Uninstall MyTomTom3.exe
Nero 10 Movie ThemePack Basic-->MsiExec.exe /X{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}
Nero BackItUp 10 Help (CHM)-->MsiExec.exe /X{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}
Nero BackItUp 10-->MsiExec.exe /X{68AB6930-5BFF-4FF6-923B-516A91984FE6}
Nero BurnRights 10 Help (CHM)-->MsiExec.exe /X{555868C6-49FB-484F-BB43-8980651A1B00}
Nero BurnRights 10-->MsiExec.exe /X{943CFD7D-5336-47AF-9418-E02473A5A517}
Nero Control Center 10-->MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38}
Nero ControlCenter 10 Help (CHM)-->MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
Nero Express 10 Help (CHM)-->MsiExec.exe /X{33643918-7957-4839-92C7-EA96CB621A98}
Nero Express 10-->MsiExec.exe /X{70550193-1C22-445C-8FA4-564E155DB1A7}
Nero InfoTool 10 Help (CHM)-->MsiExec.exe /X{66049135-9659-4AAD-9169-9CCA269EBB3E}
Nero InfoTool 10-->MsiExec.exe /X{F412B4AF-388C-4FF5-9B2F-33DB1C536953}
Nero Kwik Media-->MsiExec.exe /X{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}
Nero Multimedia Suite 10 Essentials-->MsiExec.exe /X{2063D199-D79F-471A-9019-9E647296394D}
Nero RescueAgent 10 Help (CHM)-->MsiExec.exe /X{92E25238-61A3-4ACD-A407-3C480EEF47A7}
Nero RescueAgent 10-->MsiExec.exe /X{E337E787-CF61-4B7B-B84F-509202A54023}
Nero StartSmart 10 Help (CHM)-->MsiExec.exe /X{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}
Nero StartSmart 10-->MsiExec.exe /X{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}
Nero Update-->MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
NeroKwikMedia Help (CHM)-->MsiExec.exe /X{02FCAA8F-59D3-4198-822E-135C61EE4F0B}
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\Setup.exe" -runfromtemp -removeonly
Realtek WLAN Driver-->C:\Program Files (x86)\InstallShield Installation Information\{9D3D8C60-A55F-4fed-B2B9-173001290E16}\Install.exe -uninst -l0x13
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {F7CBA1C7-E5B5-39E9-9631-459E1FE08C45}
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {BD0F9F7E-62B2-3971-9E2E-B87B832CE89D}
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {513BC47F-0560-33C2-A029-C5387642233A}
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {599EC629-2679-30CE-B28B-7432EF5FC126}
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {59923C0F-51CB-3F2C-8465-E69019472533}
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {47FA5DCB-D13C-331E-BC32-65E53BDD949C}
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {8B856ECB-ED10-3F9E-880D-03A278EF3FB6}
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {48006B2D-366F-3386-92C7-785D3A523042}
Skype™ 6.11-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
TomTom HOME 2.8.3.2499-->C:\Program Files (x86)\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
TOSHIBA Assist-->C:\Program Files (x86)\InstallShield Installation Information\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}\setup.exe -runfromtemp -l0x0013 -removeonly
TOSHIBA Bulletin Board-->"C:\Program Files (x86)\InstallShield Installation Information\{43DBC64B-3DD1-47E2-8788-D3C3B110C574}\setup.exe" -runfromtemp -l0x0413 -removeonly
TOSHIBA ConfigFree-->MsiExec.exe /X{F52618B2-A995-4F8D-A6C8-9E235A470C68}
TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0413 -removeonly
TOSHIBA Flash Cards Support Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{620BBA5E-F848-4D56-8BDA-584E44584C5E}\setup.exe" -runfromtemp -l0x0413
TOSHIBA Flash Cards Support Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{620BBA5E-F848-4D56-8BDA-584E44584C5E}\setup.exe" -runfromtemp -l0x0413 -removeonly
TOSHIBA Hardware Setup-->"C:\Program Files (x86)\InstallShield Installation Information\{5279374D-87FE-4879-9385-F17278EBB9D3}\setup.exe" -runfromtemp -l0x0413 -removeonly
TOSHIBA Hardware Setup-->MsiExec.exe /I{5279374D-87FE-4879-9385-F17278EBB9D3}
TOSHIBA HDD/SSD-waarschuwing-->C:\Program Files (x86)\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0413
Toshiba Manuals-->"C:\Program Files (x86)\InstallShield Installation Information\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}\setup.exe" -runfromtemp -l0x0013 -removeonly
TOSHIBA Media Controller-->C:\Program Files (x86)\InstallShield Installation Information\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}\setup.exe -runfromtemp -l0x0013 -removeonly
TOSHIBA Online Product Information-->"C:\Program Files (x86)\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe" -runfromtemp -l0x0013 -removeonly
TOSHIBA Places Icon Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{461F6F0D-7173-4902-9604-AB1A29108AF2}\setup.exe" -runfromtemp -l0x0413 -removeonly
TOSHIBA Recovery Media Creator Reminder-->C:\Program Files (x86)\InstallShield Installation Information\{773970F1-5EBA-4474-ADEE-1EA3B0A59492}\setup.exe -runfromtemp -l0x0413
TOSHIBA ReelTime-->"C:\Program Files (x86)\InstallShield Installation Information\{24811C12-F4A9-4D0F-8494-A7B8FE46123C}\setup.exe" -runfromtemp -l0x0413 -removeonly
TOSHIBA Service Station-->C:\Program Files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0013 -removeonly
TOSHIBA Supervisor Password-->"C:\Program Files (x86)\InstallShield Installation Information\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}\setup.exe" -runfromtemp -l0x0413
TOSHIBA Supervisorwachtwoord-->"C:\Program Files (x86)\InstallShield Installation Information\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}\setup.exe" -runfromtemp -l0x0413 -removeonly
TOSHIBA TEMPRO-->MsiExec.exe /X{F082CB11-4794-4259-99A1-D91BA762AD15}
TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe
TOSHIBA Web Camera Application-->"C:\Program Files (x86)\InstallShield Installation Information\{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}\setup.exe" -runfromtemp -l0x0413 -removeonly
TOSHIBA Web Camera Application-->MsiExec.exe /I{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}
TOSHIBA Wireless LAN Indicator-->MsiExec.exe /X{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}
TRORMCLauncher-->C:\Program Files (x86)\InstallShield Installation Information\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\setup.exe -runfromtemp -l0x0413
Utility Common Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}\setup.exe" -runfromtemp -l0x0409 -removeonly
Utility Common Driver-->MsiExec.exe /I{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}
Visual Studio C++ 10.0 Runtime-->MsiExec.exe /I{4412F224-3849-4461-A3E9-DEEF8D252790}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{2A07C35B-8384-4DA4-9A95-442B6C89A073}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{D588365A-AE39-4F27-BDAE-B4E72C8E900C}
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen-->MsiExec.exe /I{C32CE55C-12BA-4951-8797-0967FDEF556F}
Windows Live Mesh-->MsiExec.exe /I{3F4143A1-9C21-4011-8679-3BC1014C6886}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger-->MsiExec.exe /X{48294D95-EE9A-4377-8213-44FC4265FB27}
Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}
Windows Live Photo Common-->MsiExec.exe /X{9BD262D0-B788-4546-A0A5-F4F56EC3834B}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{14B441B7-774D-4170-98EA-A13667AE6218}
Windows Live Writer-->MsiExec.exe /X{7E017923-16F8-4E32-94EF-0A150BD196FE}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

======System event log======

Computer Name: Jordy-TOSH
Event Code: 62464
Message: UVD Information
Record Number: 1062203
Source Name: amdkmdag
Time Written: 20141221063308.375162-000
Event Type: Informatie
User:

Computer Name: Jordy-TOSH
Event Code: 62464
Message: UVD Information
Record Number: 1062202
Source Name: amdkmdag
Time Written: 20141221063308.375162-000
Event Type: Informatie
User:

Computer Name: Jordy-TOSH
Event Code: 62464
Message: UVD Information
Record Number: 1062201
Source Name: amdkmdag
Time Written: 20141221063308.375162-000
Event Type: Informatie
User:

Computer Name: Jordy-TOSH
Event Code: 62464
Message: UVD Information
Record Number: 1062200
Source Name: amdkmdag
Time Written: 20141221063308.375162-000
Event Type: Informatie
User:

Computer Name: Jordy-TOSH
Event Code: 62464
Message: UVD Information
Record Number: 1062199
Source Name: amdkmdag
Time Written: 20141221063308.375162-000
Event Type: Informatie
User:

=====Application event log=====

Computer Name: Jordy-TOSH
Event Code: 0
Message: [SaveSettings] FirstServiceDate: Success
Record Number: 14895
Source Name: TOSHIBA-servicestation
Time Written: 20121025155403.000000-000
Event Type: Informatie
User:

Computer Name: Jordy-TOSH
Event Code: 0
Message:
Record Number: 14894
Source Name: gupdate
Time Written: 20121025152101.000000-000
Event Type: Informatie
User:

Computer Name: Jordy-TOSH
Event Code: 0
Message:
Record Number: 14893
Source Name: gupdate
Time Written: 20121025152100.000000-000
Event Type: Informatie
User:

Computer Name: Jordy-TOSH
Event Code: 903
Message: De Software Protection-service is gestopt.
Record Number: 14892
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20121025140908.000000-000
Event Type: Informatie
User:

Computer Name: Jordy-TOSH
Event Code: 902
Message: De Software Protection-service is gestart. 6.1.7601.17514
Record Number: 14891
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20121025140407.000000-000
Event Type: Informatie
User:

=====Security event log=====

Computer Name: Jordy-TOSH
Event Code: 4672
Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.
  Onderwerp:
    Beveiligings-id: S-1-5-21-3551420916-2333518807-4064758659-1000
    Accountnaam: Jordy
    Accountdomein: Jordy-TOSH
    Aanmeldings-id: 0x103001e
  Bevoegdheden:
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
Record Number: 36876
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130929084517.849820-000
Event Type: Controle geslaagd
User:

Computer Name: Jordy-TOSH
Event Code: 4624
Message: Er is een account aangemeld.
  Onderwerp:
    Beveiligings-id: S-1-5-18
    Accountnaam: JORDY-TOSH$
    Accountdomein: WORKGROUP
    Aanmeldings-id: 0x3e7
  Aanmeldingstype: 7
  Nieuwe aanmelding:
    Beveiligings-id: S-1-5-21-3551420916-2333518807-4064758659-1000
    Accountnaam: Jordy
    Accountdomein: Jordy-TOSH
    Aanmeldings-id: 0x1030263
    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}
  Procesgegevens:
    Proces-id: 0x2b4
    Naam proces: C:\Windows\System32\winlogon.exe
  Netwerkgegevens:
    Naam van werkstation: JORDY-TOSH
    Netwerkadres van bron: 127.0.0.1
    Poort van bron: 0
  Gedetailleerde verificatiegegevens:
    Aanmeldingsproces: User32
    Verificatiepakket: Negotiate
    Doorgezette services: -
    Pakketnaam (alleen NTLM): -
    Sleutellengte: 0
  Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.
  De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.
  In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).
  Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.
  In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.
  De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
Record Number: 36875
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130929084517.849820-000
Event Type: Controle geslaagd
User:

Computer Name: Jordy-TOSH
Event Code: 4624
Message: Er is een account aangemeld.
  Onderwerp:
    Beveiligings-id: S-1-5-18
    Accountnaam: JORDY-TOSH$
    Accountdomein: WORKGROUP
    Aanmeldings-id: 0x3e7
  Aanmeldingstype: 7
  Nieuwe aanmelding:
    Beveiligings-id: S-1-5-21-3551420916-2333518807-4064758659-1000
    Accountnaam: Jordy
    Accountdomein: Jordy-TOSH
    Aanmeldings-id: 0x103001e
    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}
  Procesgegevens:
    Proces-id: 0x2b4
    Naam proces: C:\Windows\System32\winlogon.exe
  Netwerkgegevens:
    Naam van werkstation: JORDY-TOSH
    Netwerkadres van bron: 127.0.0.1
    Poort van bron: 0
  Gedetailleerde verificatiegegevens:
    Aanmeldingsproces: User32
    Verificatiepakket: Negotiate
    Doorgezette services: -
    Pakketnaam (alleen NTLM): -
    Sleutellengte: 0
  Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.
  De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.
  In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).
  Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.
  In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.
  De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
Record Number: 36874
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130929084517.849820-000
Event Type: Controle geslaagd
User:

Computer Name: Jordy-TOSH
Event Code: 4648
Message: Poging tot aanmelden met expliciete referenties.
  Onderwerp:
    Beveiligings-id: S-1-5-18
    Accountnaam: JORDY-TOSH$
    Accountdomein: WORKGROUP
    Aanmeldings-id: 0x3e7
    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}
  Account waarvan de referenties zijn gebruikt:
    Accountnaam: Jordy
    Accountdomein: Jordy-TOSH
    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}
  Doelserver:
    Naam van doelserver: localhost
    Aanvullende gegevens: localhost
  Procesgegevens:
    Proces-id: 0x2b4
    Procesnaam: C:\Windows\System32\winlogon.exe
  Netwerkgegevens:
    Netwerkadres: 127.0.0.1
    Poort: 0
  Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als.
Record Number: 36873
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130929084517.849820-000
Event Type: Controle geslaagd
User:

Computer Name: Jordy-TOSH
Event Code: 5061
Message: Cryptografische bewerking.
  Onderwerp:
    Beveiligings-id: S-1-5-18
    Accountnaam: JORDY-TOSH$
    Accountdomein: WORKGROUP
    Aanmeldings-id: 0x3e7
  Cryptografieparameters:
    Naam provider: Microsoft Software Key Storage Provider
    Naam algoritme: RSA
    Sleutelnaam: {7C71C573-4E0B-463E-8221-95BCCCBEB855}
    Sleuteltype: Computersleutel.
  Cryptografische bewerking:
    Bewerking: Sleutel openen.
    Retourcode: 0x0
Record Number: 36872
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130929084509.251329-000
Event Type: Controle geslaagd
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=20
"PROCESSOR_IDENTIFIER"=AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0200
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3

-----------------EOF-----------------