none
電腦遭盜用 RRS feed

  • 问题

  • 這些時候我都不在啊

    Audit Success    29/3/2011 20:19:33    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 20:19:33    Microsoft Windows security auditing.    4672    Special Logon
    Audit Success    29/3/2011 20:17:30    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 20:17:30    Microsoft Windows security auditing.    4672    Special Logon
    Audit Success    29/3/2011 20:17:30    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 20:17:29    Microsoft Windows security auditing.    5024    Other System Events
    Audit Success    29/3/2011 20:17:28    Microsoft Windows security auditing.    5033    Other System Events
    Audit Success    29/3/2011 20:17:28    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 20:17:28    Microsoft Windows security auditing.    4672    Special Logon
    Audit Success    29/3/2011 20:17:20    Microsoft Windows security auditing.    5056    System Integrity
    Audit Success    29/3/2011 20:17:18    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 20:17:18    Microsoft Windows security auditing.    4672    Special Logon
    Audit Success    29/3/2011 20:17:18    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 20:17:18    Microsoft Windows security auditing.    4672    Special Logon
    Audit Success    29/3/2011 20:17:18    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 20:17:18    Microsoft Windows security auditing.    4672    Special Logon
    Audit Success    29/3/2011 20:17:18    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 20:17:18    Microsoft Windows security auditing.    4672    Special Logon
    Audit Success    29/3/2011 20:17:18    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 20:17:18    Microsoft Windows security auditing.    4672    Special Logon
    Audit Success    29/3/2011 20:17:17    Microsoft Windows security auditing.    4902    Audit Policy Change
    Audit Success    29/3/2011 20:17:17    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 20:17:17    Microsoft Windows security auditing.    4608    Security State Change
    Audit Success    29/3/2011 20:13:04    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 20:13:04    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 20:12:48    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 20:12:47    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 20:00:58    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 20:00:58    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 20:00:46    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 20:00:45    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 19:48:58    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 19:48:58    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 19:48:45    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 19:48:44    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 19:36:58    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 19:36:58    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 19:36:43    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 19:36:42    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 19:24:52    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 19:24:52    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 19:24:41    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 19:24:40    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 19:12:52    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 19:12:52    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 19:12:39    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 19:12:38    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 19:00:52    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 19:00:52    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 19:00:37    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 19:00:36    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 18:48:46    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 18:48:46    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 18:48:35    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 18:48:34    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 14:38:00    Microsoft Windows security auditing.    4904    Audit Policy Change
    Audit Success    29/3/2011 14:38:00    Microsoft Windows security auditing.    4905    Audit Policy Change
    Audit Success    29/3/2011 14:37:24    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 14:37:24    Microsoft Windows security auditing.    4672    Special Logon
    Audit Success    29/3/2011 14:37:24    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 14:37:24    Microsoft Windows security auditing.    4672    Special Logon
    Audit Success    29/3/2011 14:36:54    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 14:36:54    Microsoft Windows security auditing.    4672    Special Logon
    Audit Success    29/3/2011 10:58:55    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 10:58:55    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 10:58:43    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 10:58:42    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 10:46:55    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 10:46:55    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 10:46:41    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 10:46:40    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 10:34:55    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 10:34:55    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 10:34:39    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 10:34:38    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 10:22:49    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 10:22:49    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 10:22:37    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 10:22:36    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 10:10:49    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 10:10:49    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 10:10:35    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 10:10:34    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 10:04:04    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 10:04:04    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 10:03:50    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 10:03:49    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 9:52:04    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 9:52:04    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 9:51:48    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 9:51:47    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 9:39:58    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 9:39:58    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 9:39:46    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 9:39:46    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 9:27:58    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 9:27:58    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 9:27:45    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 9:27:44    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 9:15:58    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 9:15:58    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 9:15:43    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 9:15:42    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 9:03:52    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 9:03:52    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 9:03:41    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 9:03:40    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 8:51:52    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 8:51:52    Microsoft Windows security auditing.    4634    Logoff
    Audit Success    29/3/2011 8:51:39    Microsoft Windows security auditing.    4624    Logon
    Audit Success    29/3/2011 8:51:38    Microsoft Windows security auditing.    4624    Logon

    有冇有人看得明白?該怎做呢?
    謝謝了

    2011年3月29日 14:57

答案

  • 其实没关系,这些记录并不是普通的用户登录和注销,你想想看,谁会这么频繁的进行登录呢。

    这些是系统本身的服务或者进行运行过程留下的记录,因为任何程序运行都会以某个用户的身份来运行,当系统开启审核(auditing)记录功能后,这些详细信息都会被记录下来的。所以请放心,您的电脑还是安全的。


    黄俊伟(wbpluto) MSN: hjw@live.cn Blogs: http://blog.wbpluto.com http://blogs.itecn.net/blogs/wbpluto
    2011年3月29日 16:54
  • 如果是有其他计算机登录的记录,那可以证明是从别的计算机登录的,最好修改你的管理员帐户密码,或者在防火墙中关闭对远程桌面的端口开放。

    根据计算机名和IP地址,你应该可以有办法找到连接进来的人。


    黄俊伟(wbpluto) MSN: hjw@live.cn Blogs: http://blog.wbpluto.com http://blogs.itecn.net/blogs/wbpluto
    2011年3月31日 6:38

全部回复

  • 其实没关系,这些记录并不是普通的用户登录和注销,你想想看,谁会这么频繁的进行登录呢。

    这些是系统本身的服务或者进行运行过程留下的记录,因为任何程序运行都会以某个用户的身份来运行,当系统开启审核(auditing)记录功能后,这些详细信息都会被记录下来的。所以请放心,您的电脑还是安全的。


    黄俊伟(wbpluto) MSN: hjw@live.cn Blogs: http://blog.wbpluto.com http://blogs.itecn.net/blogs/wbpluto
    2011年3月29日 16:54
  • 謝謝您, 但我看詳細紀錄, 發現有另一用家的名字啊

    An account was successfully logged on.

    Subject:
        Security ID:        NULL SID
        Account Name:        -
        Account Domain:        -
        Logon ID:        0x0

    Logon Type:            3

    New Logon:
        Security ID:        ANONYMOUS LOGON
        Account Name:        ANONYMOUS LOGON
        Account Domain:        NT AUTHORITY
        Logon ID:        0xc60b35
        Logon GUID:        {00000000-0000-0000-0000-000000000000}

    Process Information:
        Process ID:        0x0
        Process Name:        -

    Network Information:
        Workstation Name:    LISON-PC
        Source Network Address:    192.168.11.2
        Source Port:        57702

    Detailed Authentication Information:
        Logon Process:        NtLmSsp
        Authentication Package:    NTLM
        Transited Services:    -
        Package Name (NTLM only):    NTLM V1
        Key Length:        128

    2011年3月30日 0:05
  • 你好,

    如果从该PC登录到计算机的记录是未知的,建议你检查一下系统是否运行了不需要或未知的服务,并按需关闭终端服务及其他远程服务、开启Windows防火墙、更改网络位置和类型。


    请将已解决的问题标记为“答案”,以便更多的朋友能够方便的找到问题解决方案。 MVP | Windows Desktop Experience | Virtualization Sino
    2011年3月30日 15:43
    版主
  • 如果是有其他计算机登录的记录,那可以证明是从别的计算机登录的,最好修改你的管理员帐户密码,或者在防火墙中关闭对远程桌面的端口开放。

    根据计算机名和IP地址,你应该可以有办法找到连接进来的人。


    黄俊伟(wbpluto) MSN: hjw@live.cn Blogs: http://blog.wbpluto.com http://blogs.itecn.net/blogs/wbpluto
    2011年3月31日 6:38