event viewer security log

  • Question

  • Hello,

    Every time I log in to my laptop, Windows creates the below logon log:

    An account was successfully logged on.

    Subject:
    Security ID: SYSTEM
    Account Name: DESKTOP-6KNLGLL$
    Account Domain: WORKGROUP
    Logon ID: 0x3E7

    Logon Information:
    Logon Type: 5
    Restricted Admin Mode: -
    Virtual Account: No
    Elevated Token: Yes

    Impersonation Level: Impersonation

    New Logon:
    Security ID: SYSTEM
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3E7
    Linked Logon ID: 0x0
    Network Account Name: -
    Network Account Domain: -
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x354
    Process Name: C:\Windows\System32\services.exe

    Network Information:
    Workstation Name: -
    Source Network Address: -
    Source Port: -

    Detailed Authentication Information:
    Logon Process: Advapi  
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

    I don't see any users with name:

    Account Name: DESKTOP-6KNLGLL$
    Account Domain: WORKGROUP

    In the registry nor in users folder. Is it possible that this is a middle man sitting on my network? I did connect to an open network in quite a few places. Probably I'm just a paranoid parrot but still curious where this log comes from.

    Could anyone shed some light? If you need the whole security logs I will post them right away. 

    Is it just updates service maybe? With NT authority? 

    Someone from Microsoft mentioned:

    "

    Someone may possibly tried to hack your computer. For us to clarify, kindly post your query in Technet forums for better assistance.

    You may refer to this

     https://social.technet.microsoft.com/Forums/windows/en-US/da83b732-41af-4f38-933e-6f6e3d125abd/does-this-mean-i-was-hacked?forum=w7itprosecurity

    Please click the Ask a question ribbon on the upper left portion to create your own thread.

    thanks,

    Regards,

    Pparrot

    Monday, December 4, 2017 7:59 PM

Answers

  • Hi,

    Please check if DESKTOP-6KNLGLL is your Computer name.

    Click Start, right click Computer, choose Properties.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Pparrot Tuesday, December 5, 2017 9:32 PM
    Tuesday, December 5, 2017 3:18 AM
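
Added example, not part of the original thread or of any reply: a small Python check that parses the rendered text of the logon event (Event ID 4624) quoted in the question and reports the logon type, whether the Subject account is this computer's own machine account (computer name plus `$`), and whether a remote source address was recorded. The function names and the trimmed sample are assumptions made for illustration; pass your own computer name as `hostname`.

```python
# Logon type values documented by Microsoft for event 4624.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}
SECTIONS = {"Subject", "Logon Information", "New Logon", "Process Information",
            "Network Information", "Detailed Authentication Information"}

# Sample input: fields copied from the event in the question, trimmed.
SAMPLE_EVENT = r"""Subject:
Account Name: DESKTOP-6KNLGLL$
Logon ID: 0x3E7
Logon Information:
Logon Type: 5
New Logon:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Process Information:
Process Name: C:\Windows\System32\services.exe
Network Information:
Source Network Address: -
"""

def parse_event(text):
    """Return {section: {field: value}} from the event's message text."""
    event, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.rstrip(":") in SECTIONS:
            section = line.rstrip(":")
            event[section] = {}
        elif section and ":" in line:
            # Split on the first colon only: values such as C:\... contain colons.
            key, _, value = line.partition(":")
            event[section][key.strip()] = value.strip()
    return event

def triage(text, hostname):
    """Summarise the fields that show where the logon came from."""
    ev = parse_event(text)
    subject = ev["Subject"]["Account Name"]
    source = ev["Network Information"]["Source Network Address"]
    return {
        "logon_type": LOGON_TYPES.get(int(ev["Logon Information"]["Logon Type"]), "Unknown"),
        # A trailing "$" marks a computer account; compare the rest to this host.
        "subject_is_this_computer": subject.endswith("$") and subject[:-1].upper() == hostname.upper(),
        "remote_source": None if source in ("", "-") else source,
        "process": ev["Process Information"]["Process Name"],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_EVENT, "DESKTOP-6KNLGLL"))
```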

All replies

  • TCPView allows you to see all of the current TCP/IP network connections on your computer. It is used to quickly spot any remote computers that are connected to your computer. To use TCPView please download it from the following location and save it on your desktop:

    TCPView Download Link


    S.Sengupta, Microsoft MVP Windows and Devices for IT, Windows Insider MVP

    Monday, December 4, 2017 10:49 PM