Why this alert showing my user name in the client name fields






mobi_khan -> Why this alert showing my user name in the client name fields (25.Jul.2008 9:47:29 AM)



Hi guys, I wanted to know what exactly is meant by this alert. I know that it is someone (mubashir.ismail) trying to take ownership, or who has accessed the properties of the mentioned object, but I did not access this object. However, there are two programs, GFI Event Manager and GFI LNSS, which access this system, but my user name is showing? Any idea?

Can I get any data to understand the events generated by the GFI Event Manager? Is there some link? If so, please guide me.


Object Open:
Object Server: Security
Object Type: Key
Object Name: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Handle ID: 976
Operation ID: {0,246937358}
Process ID: 1252
Image File Name: D:\WINDOWS\system32\svchost.exe
Primary User Name: LOCAL SERVICE
Primary Domain: NT AUTHORITY
Primary Logon ID: (0x0,0x3E5)
Client User Name: mubashir.ismail
Client Domain: SUN
Client Logon ID: (0x0,0xEB6E2A5)
Accesses:
DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
Query key value
Set key value
Create sub-key
Enumerate sub-keys
Notify about changes to keys
Create Link



Thanks




DrewE -> RE: Why this alert showing my user name in the client name fields (25.Jul.2008 1:34:34 PM)

Are the services that run these GFI applications running under your logon credentials?  Also, do you use these credentials within the software as "alternate credentials?"




mobi_khan -> RE: Why this alert showing my user name in the client name fields (29.Jul.2008 9:57:56 AM)

Yes, the services are running under my credentials.

No, I did not use the "alternate credentials", as I have the domain admin rights, so I can use my credentials to run both the GFI Event Manager and GFI LNSS.




DrewE -> RE: Why this alert showing my user name in the client name fields (30.Jul.2008 8:45:07 AM)

With the services running under your credentials, these events will be generated showing your user name when the software is scanning remote machines.  This is normal, and if you wish to change this behavior, you will need to change the service account our software is running as, or disable auditing of these specific registry keys.
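
As an added example (not part of the thread and not GFI code), this Python code parses the Object Open event text posted above, separates the Primary account from the Client account, and labels the event as expected when the Client is a known scanner service account. The function names, the `MODIFY_RIGHTS` grouping and the `scanner_accounts` allowlist are assumptions for illustration; the sample event is abbreviated from the post.

```python
import re

# Constructed sample: the event text from the post above, abbreviated.
SAMPLE_EVENT = r"""Object Open:
Object Type: Key
Object Name: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Image File Name: D:\WINDOWS\system32\svchost.exe
Primary User Name: LOCAL SERVICE
Primary Domain: NT AUTHORITY
Client User Name: mubashir.ismail
Client Domain: SUN
Accesses:
DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
Query key value
"""

# Rights that would change the key or its security descriptor if exercised.
MODIFY_RIGHTS = {"DELETE", "WRITE_DAC", "WRITE_OWNER", "Set key value",
                 "Create sub-key", "Create Link"}

def parse_object_open(text):
    """Split an Object Open event into 'Name: value' fields and its access list."""
    fields, accesses, in_accesses = {}, [], False
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if in_accesses:
            accesses.append(line)      # every line after "Accesses:" is one right
        elif line == "Accesses:":
            in_accesses = True
        else:
            m = re.match(r"([^:]+):\s*(.*)$", line)  # split on the first colon only
            if m and m.group(2):
                fields[m.group(1)] = m.group(2)
    fields["Accesses"] = accesses
    return fields

def triage(event, scanner_accounts):
    """Classify the event by who the Client (impersonated caller) is."""
    # Primary = account the process runs as; Client = account it acts on behalf of.
    client = "{}\\{}".format(event.get("Client Domain", ""),
                             event.get("Client User Name", "")).lower()
    requested = sorted(MODIFY_RIGHTS.intersection(event["Accesses"]))
    expected = client in {a.lower() for a in scanner_accounts}
    return {"client": client, "modify_rights_requested": requested,
            "verdict": "expected-scanner-activity" if expected else "review"}
```

The access list records what was requested when the handle was opened, so a scanner that opens a key with broad rights produces this event even if it only reads values.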



