Every time after reshipment system, boot, the security log audit are shown as follows:
The 2017-3-20 17:01:22 Security audit SYSTEM success event 518 NT AUTHORITY \ SYSTEM eb890 WWW - 887505 "Security account manager has been loaded into the notification package, any account or password change information will notice this notice package,
Notice the package name: scecli
"
The 2017-3-20 17:01:22 Security audit SYSTEM success event 515 NT AUTHORITY \ SYSTEM WWW - 887505 eb890 "trusted institutions registered login process has been in the local Security mechanism, will trust the login process to submit an application for the login,
The login process name: KSecDD
"
The 2017-3-20 17:01:22 Security audit SYSTEM success event 515 NT AUTHORITY \ SYSTEM WWW - 887505 eb890 "trusted institutions registered login process has been in the local Security mechanism, will trust the login process to submit an application for the login,
The login process name: Winlogon \ MSGina
"The 2017-3-20 17:01:22 Security audit SYSTEM success event 515 NT AUTHORITY \ SYSTEM WWW - 887505 eb890 "trusted institutions registered login process has been in the local Security mechanism, will trust the login process to submit an application for the login,
The login process name: KSecDD
"The 2017-3-20 17:01:22 Security audit SYSTEM success event 515 NT AUTHORITY \ SYSTEM WWW - 887505 eb890 "trusted institutions registered login process has been in the local Security mechanism, will trust the login process to submit an application for the login,
The login process name: Winlogon
"The 2017-3-20 17:01:22 Security audit SYSTEM success event 514 NT AUTHORITY \ SYSTEM WWW - 887505 eb890 "local Security mechanism institutions loaded authentication package, the authentication packet will be used to verify the login operation,
Authentication package name: C: \ WINDOWS \ system32 \ msv1_0 DLL: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
"
The 2017-3-20 17:01:22 Security audit SYSTEM success event 514 NT AUTHORITY \ SYSTEM WWW - 887505 eb890 "local Security mechanism institutions loaded authentication package, the authentication packet will be used to verify the login operation,
Authentication package name: C: \ WINDOWS \ system32 \ wdigest DLL: wdigest
"
The 2017-3-20 17:01:22 Security audit SYSTEM success event 514 NT AUTHORITY \ SYSTEM WWW - 887505 eb890 "local Security mechanism institutions loaded authentication package, the authentication packet will be used to verify the login operation,
Authentication package name: C: \ WINDOWS \ system32 \ schannel DLL: schannel
"
The 2017-3-20 17:01:22 Security audit SYSTEM success event 514 NT AUTHORITY \ SYSTEM WWW - 887505 eb890 "local Security mechanism institutions loaded authentication package, the authentication packet will be used to verify the login operation,
Authentication package name: C: \ WINDOWS \ system32 \ schannel DLL: Microsoft Unified Security Protocol Provider
"
The 2017-3-20 17:01:22 Security audit SYSTEM success event 514 NT AUTHORITY \ SYSTEM WWW - 887505 eb890 "local Security mechanism institutions loaded authentication package, the authentication packet will be used to verify the login operation,
Authentication package name: C: \ WINDOWS \ system32 \ msv1_0 DLL: NTLM
"
The 2017-3-20 17:01:22 Security audit SYSTEM success event 514 NT AUTHORITY \ SYSTEM WWW - 887505 eb890 "local Security mechanism institutions loaded authentication package, the authentication packet will be used to verify the login operation,
Authentication package name: C: \ WINDOWS \ system32 \ kerberos DLL: kerberos
"
The 2017-3-20 17:01:22 Security audit SYSTEM success event 514 NT AUTHORITY \ SYSTEM WWW - 887505 eb890 "local Security mechanism institutions loaded authentication package, the authentication packet will be used to verify the login operation,
Authentication package name: C: \ WINDOWS \ system32 \ LSASRV DLL: Negotiate "
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Which a man can you teach me, this section of the safety of the startup log normal?
On baidu, I seem to be the reflection of machines by the back door remote monitoring software,
In addition, to connect to the Internet often occurs after a large number of "account login" event (below)
The 2017-3-17 21:37:27 Security audit account login success 680 NT AUTHORITY \ SYSTEM WWW - 887505 eb890
Try to login user: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Login account: administrator
Eb890 source workstation: WWW - 887505
Error code: 0 x0
The 2017-3-19 21:57:11 Security audit account login success 680 NT AUTHORITY \ SYSTEM WWW - 887505 eb890 try login user: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Login account: administrator
Eb890 source workstation: WWW - 887505
Error code: 0 x0
The 2017-3-20 10:46:35 Security audit account login failed 680 NT AUTHORITY \ SYSTEM eb890 WWW - 887505
Try to login user: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Login account: administrator
Eb890 source workstation: WWW - 887505
Error code: 0 xc000006a
The 2017-3-21 9:13:49 Security audit failure login account 680 NT AUTHORITY \ SYSTEM WWW - 887505 eb890 try login user: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Login account: administrator
Eb890 source workstation: WWW - 887505
Error code: 0 xc000006a
I non-programmers, really can't understand these codes, sad worry,,,, request help me,
CodePudding user response:
Antivirus, user management deleted him, resetting the password account, copy redo system is not assured,CodePudding user response:
1. The conditional directly replace the hard disk;2. Without change the hard disk, put all the data after the virus scan copy, all hard disk formatting, reinstall the system,
CodePudding user response:
Antivirus not clean, suggest to delete all partitions reshipment system,