我在我的办公室 PC 上看到了一些黑客攻击尝试。上周五我的电脑突然重启了两次,当我登录时,我的一些重要文件不在那里。刚删了。因此,我检查了事件查看器以查找有关此重新启动的原因。我得到了这些日志,并且在这些日志上看到了某人的 PC 名称。有人可以向我解释一下吗?
谢谢!
Date:7/27/2012 Source:Security
Time:2.35.26 PM Category:Account Logon
Type:Success A Event ID:680
User:MyPC/Administrator
Computer: MyPC
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account:Administrator
Source Workstation:OtherPC
Error Code:0x0
Date:7/27/2012 Source:Security
Time:2.35.26 PM Category:Logon/Logoff
Type:Success A Event ID:576
User:MyPC/Administrator
Computer: MyPC
Description:
Special privileges assigned to new logon:
User Name:Administrator
DOMAIN: MyPC
Logon ID: (0x0, 0x251E985)
Privileges:SeSecurityPrivilege
SeBackupPrivilege
...
Date:7/27/2012 Source:Security
Time:2.35.26 PM Category:Logon/Logoff
Type:Success A Event ID:540
User:MyPC/Administrator
Computer: MyPC
Description:
Successful Network Logon:
User Name:Administrator
DOMAIN: MyPC
Logon ID: (0x0, 0x251E985)
Logon Type:3
Logon Process:NtLmSsp
Authentication Package:NTLM
Workstation Name:OtherPC
Logon GUID:-
Caller User Name:-
Caller Domain:-
Caller Logon ID:-
Caller Process ID:-
Transited services:-
Source Network Address:192.168.x.x
Source Port:0
Date:7/27/2012 Source:Security
Time:2.35.26 PM Category:Logon/Logoff
Type:Success A Event ID:551
User:MyPC/Administrator
Computer: MyPC
Description:
User initiated logoff:
User Name:Administrator
DOMAIN: MyPC
Logon ID: (0x0, 0x2059c)