Somebody is snooping around on my computer!
Amie
Regular
Edit: false alarm
Ok &T, here's the deal
I decided to type "systeminfo" in a command prompt and read "system startup time: 28/09/2010, 10:09:18
Then I thought "Gee, wait a minute, that was tuesday, I HAD JUST LEFT FOR SCHOOL AT THAT TIME!" Checked my schedule 4 times, and jep, that was about 5 minutes after I left my room to go to school. No way in hell I was the one booting my PC at that time. I set Windows (Vista) so the power button puts my system in standby and I only reboot when I've installed updates / applications ... so I saw this today.
My BIOS clock and my system clock are both set to the correct localtime, so no possible mixups there. Somebody turned on my computer 5 minutes after I left my room for school. I always double-lock my room so the landlord or a previous renter are the only reasonable suspects. Or somebody with mad lockpicking skills.
Now here's my question: How do I find out what he's been doing on my PC? What system logs etc. can I check? Anybody got any ideas on how to catch this guy? I'm on a live distro right now, I'm gonna screen the fuck out of my windows partition and nuke it afterwards. Not taking any chances with keyloggers etc.
Luckily I encrypt my data partition with Truecrypt. Should have done it with my system partition too in retrospect.
Fuck, I'm angry about this. This calls for revenge.
Ok &T, here's the deal
I decided to type "systeminfo" in a command prompt and read "system startup time: 28/09/2010, 10:09:18
Then I thought "Gee, wait a minute, that was tuesday, I HAD JUST LEFT FOR SCHOOL AT THAT TIME!" Checked my schedule 4 times, and jep, that was about 5 minutes after I left my room to go to school. No way in hell I was the one booting my PC at that time. I set Windows (Vista) so the power button puts my system in standby and I only reboot when I've installed updates / applications ... so I saw this today.
My BIOS clock and my system clock are both set to the correct localtime, so no possible mixups there. Somebody turned on my computer 5 minutes after I left my room for school. I always double-lock my room so the landlord or a previous renter are the only reasonable suspects. Or somebody with mad lockpicking skills.
Now here's my question: How do I find out what he's been doing on my PC? What system logs etc. can I check? Anybody got any ideas on how to catch this guy? I'm on a live distro right now, I'm gonna screen the fuck out of my windows partition and nuke it afterwards. Not taking any chances with keyloggers etc.
Luckily I encrypt my data partition with Truecrypt. Should have done it with my system partition too in retrospect.
Fuck, I'm angry about this. This calls for revenge.
Comments
Check for sys. or program alteration logs.
"Sigh of relief" Gonna encrypt my system partition though.
Damn. This kind of shit is NOT good for my paranoia issues.
Still, it's not because I'm paranoid that they're not out to get me ...
Wouldn't hibernation increase it, assuming it's still in a power-on status???
I never used that option tbh, I just shut it down.
No, I don't have hybrid sleep enabled.
Sleep is stepping down the system to decrease power use while keeping everything in RAM so your computer starts again quickly but it keeps using power and if the power fails / you unplug your computer / the battery is empty, you lose all unsaved data and you need to boot your system.
Hybernate is saving everything in RAM to disk and actually powering off the system. When you power it back on your computer POSTs, and once the windows bootloader is activated it restores the system without actually booting. It's not faster than booting, but once your desktop is loaded anything which was open is still open, youtube films etc. are still downloaded, media player, messenger etc. ... slower than sleep, but the effect once you go out of hybernation is the same. Your RAM is completely restored, including any cached applications. The power on process is a little bit slower than booting in my experience, but because all applications are already started / cached you can start to get work done much faster. And you can easily go into hybernation and then boot a different OS / a live disk.
Hybrid sleep is both at the same time: everything is kept in RAM and the power is kept on, but it's also all written to your HD. So, if the power stays on, your computer stays on and takes like 3 seconds to return to normal, and if the power fails / your battery runs down you can still restore your system as it was.
I like saving power and I like my laptop to cool down when I'm not using it, so I don't have hybrid sleep enabled. In Windows XP, doing this (always hybernating instead of shutting down) would have made my computer unuseable, that's why they hid the hybernation by default in XP. In Vista however, it works flawless. One more reason why Vista kicks XP's ass.