A thousand thanks! Please help me! A question about the security log; the details are in the body

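Source: Baidu Wenku  Editor: 高校问答  Time: 2024/04/30 05:41:33
The system's security log is turned off by default, right? When I checked today, the security log's properties showed that the creation time and the modification time are both April 9, 20:00, but the log pane currently has no items to display. I asked a friend, and he said I may have been hit by a hacker intrusion and that the hacker has already wiped the traces of the activity. Is he right? I remember that in April I upgraded the machine and reinstalled the system, and at that time I also changed the format of the C: drive. Could these operations of mine have caused the security log's properties to change? I also found that the C:\Program Files\Windows NT folder and some files in C:\WINDOWS\Debug were modified at the same time. What is going on here? Could the above be traces left by operations of my own that I have forgotten?
Also, here is the content of NetSetup.LOG in C:\WINDOWS\Debug (this file is also shown as modified on April 9 at 20:00):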
04/09 20:08:12 -----------------------------------------------------------------
04/09 20:08:12 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
04/09 20:08:12 NetpCheckNetBiosNameNotInUse: for 'WORKGROUP' returned: 0x858
04/09 20:08:12 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE] returned 0x858
04/09 20:08:12 NetpValidateName: name 'WORKGROUP' is valid for type 2
04/09 20:08:12 -----------------------------------------------------------------
04/09 20:08:12 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
04/09 20:08:12 NetpCheckNetBiosNameNotInUse: for 'WORKGROUP' returned: 0x858
04/09 20:08:12 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE] returned 0x858
04/09 20:08:12 NetpValidateName: name 'WORKGROUP' is valid for type 2
04/09 20:08:12 -----------------------------------------------------------------
04/09 20:08:12 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
04/09 20:08:12 NetpCheckNetBiosNameNotInUse: for 'WORKGROUP' returned: 0x858
04/09 20:08:12 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE] returned 0x858
04/09 20:08:12 NetpValidateName: name 'WORKGROUP' is valid for type 2
04/09 20:08:12 -----------------------------------------------------------------
04/09 20:08:12 NetpDoDomainJoin
04/09 20:08:12 NetpMachineValidToJoin: 'PLA-BCF0E28A1AB'
04/09 20:08:12 NetpGetLsaPrimaryDomain: status: 0x0
04/09 20:08:12 NetpMachineValidToJoin: status: 0x0
04/09 20:08:12 NetpJoinWorkgroup: joining computer 'PLA-BCF0E28A1AB' to workgroup 'WORKGROUP'
04/09 20:08:12 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
04/09 20:08:12 NetpCheckNetBiosNameNotInUse: for 'WORKGROUP' returned: 0x858
04/09 20:08:12 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE] returned 0x858
04/09 20:08:12 NetpValidateName: name 'WORKGROUP' is valid for type 2
04/09 20:08:13 NetpSetLsaPrimaryDomain: for 'WORKGROUP' status: 0x0
04/09 20:08:13 NetpControlServices: open service 'NETLOGON' failed: 0x424
04/09 20:08:13 NetpJoinWorkgroup: status: 0x0
04/09 20:08:13 NetpDoDomainJoin: status: 0x0
Because of the question length limit, I deleted some of the NetSetup.LOG content.

An intrusion is possible, and the intruder did not erase the traces, or at least did not erase them completely.
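
An added example, not part of the original question or answer: a small Python parser for NetSetup.LOG lines like those quoted in the question. It reports the time span of the entries, the calls that returned a non-zero code, and any workgroup join recorded, so the log's own timestamps can be compared with the file times. The sample input is a few lines taken from the excerpt above; the names `parse` and `summarize` are this example's own.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the NetSetup.LOG excerpt in the question.
SAMPLE = """\
04/09 20:08:12 -----------------------------------------------------------------
04/09 20:08:12 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
04/09 20:08:12 NetpCheckNetBiosNameNotInUse: for 'WORKGROUP' returned: 0x858
04/09 20:08:12 NetpJoinWorkgroup: joining computer 'PLA-BCF0E28A1AB' to workgroup 'WORKGROUP'
04/09 20:08:13 NetpControlServices: open service 'NETLOGON' failed: 0x424
04/09 20:08:13 NetpDoDomainJoin: status: 0x0
"""

# Win32 / NetAPI names of the codes that occur in the excerpt.
CODES = {0x0: "success",
         0x424: "ERROR_SERVICE_DOES_NOT_EXIST",
         0x858: "NERR_NetworkError"}

LINE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) (\w+)\b(.*)$")
HEX = re.compile(r"(?:returned:?|status:|failed:)\s*(0x[0-9a-fA-F]+)\s*$")

def parse(text):
    """Return one dict per log entry: timestamp, routine, message, code (or None)."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:  # separator rows and blank lines have no routine name
            continue
        ts, routine, rest = m.groups()
        c = HEX.search(rest)
        entries.append({"ts": ts, "routine": routine, "msg": rest.lstrip(": "),
                        "code": int(c.group(1), 16) if c else None})
    return entries

def summarize(entries):
    """Time span, non-zero return codes per routine, and join operations seen."""
    # The log carries no year; MM/DD HH:MM:SS strings sort correctly within one year.
    stamps = [e["ts"] for e in entries]
    failures = Counter((e["routine"], CODES.get(e["code"], hex(e["code"])))
                       for e in entries if e["code"])
    joins = [e["msg"] for e in entries if e["msg"].startswith("joining computer")]
    return {"first": min(stamps), "last": max(stamps),
            "failures": dict(failures), "joins": joins}

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```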