Oct 25, 2018

Can anyone tell me from the below terminal info if I was hacked? This is from an old computer that crashed out of the blue in 2009 (PowerBook G4), and I am only just discovering weird things in the data recovered. I know nothing about computers, though, so hopefully an expert can assist. Thanks in advance!

"name" = ( "securityagent" );

"passwd" = ( "*" );

"uid" = ( "92" );

"gid" = ( "92" );

"change" = ( "0" );

"expire" = ( "0" );

"realname" = ( "SecurityAgent" );

"home" = ( "/var/empty" );

"shell" = ( "/usr/bin/false" );

"_writers_passwd" = ( "securityagent" );



"name" = ( "Maddie" );

"_writers_passwd" = ( "Maddie" );

"_writers_tim_password" = ( "Maddie" );

"_writers_picture" = ( "Maddie" );

"home" = ( "/Users/Maddie" );

"gid" = ( "501" );

"picture" = ( "/Library/User Pictures/Fun/Smack.tif" );

"uid" = ( "501" );

"hint" = ( "" );

"_writers_hint" = ( "Maddie" );

"sharedDir" = ( "" );

"_shadow_passwd" = ( "" );

"_writers_realname" = ( "Maddie" );

"shell" = ( "/bin/bash" );

"passwd" = ( "********" );

"authentication_authority" = ( ";ShadowHash;" );

"realname" = ( "removed for privacy but it was my full real name" );

"generateduid" = ( "B16DB597-6096-40EB-AE8A-E39AC772A6B3" );

"naprivs" = ( "-2147483648" );

"name" = ( "appserverusr" );

"gid" = ( "79" );

"passwd" = ( "*" );

"generateduid" = ( "ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000004F" );

"smb_sid" = ( "S-1-5-21-179" );

"realname" = ( "Application Server" );

"users" = ( "Maddie" );



"name" = ( "admin" );

"gid" = ( "80" );

"passwd" = ( "*" );

"users" = ( "root", "Maddie" );

"generateduid" = ( "ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000050" );

"smb_sid" = ( "S-1-5-32-544" );

"realname" = ( "Administrators" );



"name" = ( "appserveradm" );

"gid" = ( "81" );

"passwd" = ( "*" );

"generateduid" = ( "ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000051" );

"smb_sid" = ( "S-1-5-21-181" );

"realname" = ( "App Server Admins" );

"users" = ( "Maddie" );

"name" = ( "smmsp" );

"gid" = ( "25" );

"generateduid" = ( "ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000019" );

"smb_sid" = ( "S-1-5-21-125" );



"name" = ( "Maddie" );

"gid" = ( "501" );

"passwd" = ( "*" );

"generateduid" = ( "94F875D7-B45D-42CB-9E52-650CAB17D4C1" );

Okay, thanks ... from my research and other activity in my logs it seemed possible someone remoted into my laptop (I was on a school network) and was able to access my user account -- what I pasted above was found in a file called "local.nidump," and from what I understand it would have been possible for someone to have remoted in, used hashes to crack my password, and override my default shell.

In the above text I was concerned about the "shadow hash", "/bin/bash shell," "naprivs", "authentication authority," and "writers passwd/writers tim password/writers hint/writers realname" parts, as well as the fact that the "admin" users show as both root and Maddie. This all looks like specialized coding to me, and I myself certainly did not do it. My password and hint were not "Maddie", and the difference between "writers realname" and just "realname" is that when I set up my computer after buying it, I used the "realname" and not the nickname Maddie, as displayed on "writers realname."

I guess hacked might have been the wrong terminology; I mean more like accessed my computer remotely without my knowledge at the time.

There are a lot of other things that seem to be red flags, etc. and my computer ultimately lost a ton of data despite having no evidence of crash logs, etc. but I don't quite know where to even start with all of that.
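
Added example, not part of the original posts: a Python parser for property lines in the form pasted above. It sorts records into groups, password-locked service accounts and login accounts, and lists which properties a user may edit on their own record. The sample input and the name `exampleuser` are constructed, and treating every "name" line as the start of a new record is an assumption based on how the paste is laid out.

```python
import re

# Constructed sample in the same '"key" = ( "value", ... );' form as the paste.
SAMPLE = '''
"name" = ( "securityagent" );
"passwd" = ( "*" );
"uid" = ( "92" );
"shell" = ( "/usr/bin/false" );
"name" = ( "exampleuser" );
"_writers_passwd" = ( "exampleuser" );
"_writers_hint" = ( "exampleuser" );
"uid" = ( "501" );
"shell" = ( "/bin/bash" );
"passwd" = ( "********" );
"name" = ( "admin" );
"gid" = ( "80" );
"users" = ( "root", "exampleuser" );
'''

PROP = re.compile(r'^"([^"]+)"\s*=\s*\((.*)\);$')
NOLOGIN_SHELLS = {"/usr/bin/false", "/sbin/nologin"}

def parse_records(text):
    """Group properties into records. Assumption: each record begins with "name"."""
    records = []
    for line in text.splitlines():
        m = PROP.match(line.strip())
        if not m:
            continue  # blank lines and anything that is not a property
        key, values = m.group(1), re.findall(r'"([^"]*)"', m.group(2))
        if key == "name" or not records:
            records.append({})
        records[-1][key] = values
    return records

def classify(rec):
    """Summarise one record as a group, a service account or a login account."""
    name = rec.get("name", ["?"])[0]
    if "uid" not in rec:  # group records carry a gid but no uid
        return {"name": name, "kind": "group", "members": rec.get("users", [])}
    locked = rec.get("passwd", [""])[0] == "*"  # "*" matches no password
    shell = rec.get("shell", [""])[0]
    # _writers_<prop> lists the users allowed to change <prop> on this record
    own = sorted(k[9:] for k, v in rec.items() if k.startswith("_writers_") and name in v)
    return {"name": name, "kind": "user", "uid": int(rec["uid"][0]),
            "interactive": not locked and shell not in NOLOGIN_SHELLS,
            "self_editable": own}

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(classify(rec))
```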
