Hi,
I would like to get some answers about remote access,
since I am not 100% sure whether my PC was accessed remotely or not.
PC:
Gview
Windows 7 Ultimate
Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
64-bit Operating System
16 GB (memory) 15.9 usable
Pen and Touch: available
I became most suspicious when I found in the Event Viewer a lot of processes which were running, including the word remote.
So I would like to ask if there is any possible logical explanation for them running without the option that someone was accessing my PC over remote control? I am sure that I have not used any remote features for my personal use.
These are the processes running, as Event Viewer displays them as Log Names:
Microsoft-windows-remoteapp and desktop connections/admin
Microsoft-windows-remoteAssistance/admin
Microsoft-windows-remoteAssistance/operational
Microsoft-windows-remoteDesktopService-RdpCoreTS/Admin
Microsoft-windows-remoteDesktopService-RdpCoreTS/Operational
Microsoft-windows-remoteDesktopService-RemoteDesktopSessionManager/Admin
Microsoft-windows-RdpcoreTS/Operational
Microsoft-windows-remoteDesktopService-RdpcoreTS/
Microsoft-windows-RemoteDesktopSessionManager/admin
Microsoft-windows-RemoteConnectionManager/Admin
Microsoft-windows-RemoteConnectionManager/Operational
At the same date some processes were stopped\modified:
Microsoft-windows-APi-tracking/Operational
Microsoft-windows-AppID/Operational
Microsoft-Windows-Application-experience/Program-Compatibility-Assistant
Microsoft-Windows-AppLocker/EXE and DLL
Microsoft-Windows-Audio/Operational
Microsoft-Windows-Audio/CaptureMonitor
Microsoft-Windows-Audio/operational
Microsoft-Windows-BitLocker-DrivePreparationtool/Admin
Microsoft-Windows-BitLocker-DrivePreparationtool/Operational
Microsoft-Windows-Bluetooth-MTPEnum/Operational
Microsoft-Windows-CorruptedFileRecovery-Client/Operational
Microsoft-Windows-CorruptedFileRecovery-Server/Operational
Microsoft-Windows-DeviceSync/Operational
Microsoft-Windows-DHCPNap/admin
Microsoft-Windows-Diagnosis-PCW/Operational
Microsoft-Windows-DiskDiagnostic/Operational
Microsoft-Windows-DiskDiagnosticResolver/Operational
Microsoft-Windows-EapHost/Operational
Microsoft-Windows-EventCollector/Operational
Microsoft-Windows-FMS/Operational
Microsoft-Windows-Folder Redirection/Operational
Microsoft-Windows-Eventlog-ForwardingPlugin/Operational
Microsoft-Windows-HomeGroup Control Panel/Operational
Microsoft-Windows-HomeGroup Listener Service/Operational
Microsoft-Windows-IKE/Operational
Microsoft-Windows-Iphlpsvc/Operational
Microsoft-Windows-Kernel-WDI/Operational
Microsoft-Windows-MCT/Operational
Microsoft-Windows-MemoryDiagnostics-results/Debug
Microsoft-Windows-NTLM/Operational
Microsoft-ParentalControls/Operational
Microsoft-Windows-PeopleNearMe/Operational
Microsoft-Windows-PowerShell/Operational
Microsoft-Windows-ReadyBoostDriver/Operational
Microsoft-Windows-Recovery/Operational
Microsoft-windows-Security-Audit-Configuration-Client/Operational
Microsoft-windows-TerminalServices-ClientUSBDevices/Admin
Microsoft-windows-TerminalServices-ClientUSBDevices/Operational
Microsoft-windows-TerminalServices-PnBDevices/Admin
Microsoft-windows-TerminalServices-PnBDevices/Operational
Microsoft-windows-TerminalServices-RDPClient/Operational
Microsoft-windows-TerminalServices-ServerUSBDevices/Admin
Microsoft-windows-TerminalServices-ServerUSBDevices/Operational
Microsoft-windows-TerminalServices-RemoteConnectionManager/Operational
Microsoft-windows-TZUtil/Operational
Microsoft-windows-UAC-fileVirtualization/Operational
Microsoft-windows-UAC/Operational
Microsoft-windows-VDRVROT/Operational
Microsoft-windows-VHDMP/Operational
Microsoft-windows-WFP/Operational
Microsoft-windows-Windows Remote Management/Operational
Microsoft-windows-Winsock Network Event/Operational
Microsoft-windows-Wired-AutoConfig/Operational
Microsoft-windows-WPD-ClassInstaller/Operational
It looks like all of those processes were running the last time at the same date, assuming that if they run again the dates would be overwritten.
I also found some other suspicious things on my PC; for example, browser windows sometimes instantly crashed. I got a message very frequently that my USB device cannot be detected, but I did not touch any USB outputs since it started to pop up.
If I go to System Properties/select users/add/advanced/find now/ there are search results for my Name (RDN) Guest, HomeGroupUser$ and Administrator 'in Folder' with the name of my user acc-PC, and postgres, which I did also create as an account for managing my database that I need. Also, the Administrator has an arrow down on the icon, as Guest has.
There are also 21 other user accounts displayed, which I could choose from, with a blue-green icon.
We also have a wireless network with two different internets, which I share with a few other people, and I never made any effort to protect my PC or internet connection.
So first of all I would like to know what that could mean. And how big is the chance that my computer was actually superused over remote access?
And if this is not too clear, I can also provide more details if there are suggestions where to find them.
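
One way to check the question raised in the post, as an added example that is not part of the original post: Event Viewer lists every registered log channel whether or not anything was ever written to it, so the script below first shows which of the "remote" channels actually hold records, then pulls the events that record real Remote Desktop sessions. The LocalSessionManager channel and the event IDs used (1149, 21, 24, 25, 4624 with LogonType 10) are standard Windows ones, not values taken from the post; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post). Read-only triage of RDP-related logs.

# 1) Channels that merely exist vs. channels that contain records.
#    RecordCount 0 means the channel has never logged an event.
Get-WinEvent -ListLog '*Remote*', '*TerminalServices*' -ErrorAction SilentlyContinue |
    Sort-Object RecordCount -Descending |
    Format-Table LogName, IsEnabled, RecordCount, LastWriteTime -AutoSize

# 2) Inbound Remote Desktop authentications (event ID 1149).
#    The message text names the user, domain and source network address.
$rcm = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'
Get-WinEvent -FilterHashtable @{ LogName = $rcm; Id = 1149 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List

# 3) Session logon (21), disconnect (24) and reconnect (25) events.
$lsm = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
Get-WinEvent -FilterHashtable @{ LogName = $lsm; Id = 21, 24, 25 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List

# Helper: read one named <Data> field from an event's XML (hypothetical name).
function Get-EventDataField($Event, [string]$Name) {
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# 4) Security log: successful logons (4624) made over Remote Desktop
#    (LogonType 10 = RemoteInteractive), with account and source address.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -ErrorAction SilentlyContinue |
    Where-Object { (Get-EventDataField $_ 'LogonType') -eq '10' } |
    Select-Object TimeCreated,
        @{ n = 'User';   e = { Get-EventDataField $_ 'TargetUserName' } },
        @{ n = 'Source'; e = { Get-EventDataField $_ 'IpAddress' } } |
    Format-Table -AutoSize
```

Empty output from steps 2 to 4 means those logs hold no record of a Remote Desktop logon; it says nothing about other remote-access tools, which do not write to these channels.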