Ergebnis 1 bis 4 von 4

Thema: webcam turns on by itself

  1. #1
    Einsteiger
    Registriert seit
    29.06.2010
    Beiträge
    2

    webcam turns on by itself

    hey all!

    i'm new here, i'm a quite advanced user, though i know not much about windows internals as i know about linux internal, but you know, sometimes windows is required.

    i have hijackthis as one of the few icons laying on my desktop and i look at it's logs from time to time, i use avast though i don't believe it can do much for me, and obviously i'm careful when browsing and opening mails.

    i have A BUNCH of tools installed on my box, but most of them are really development tools and interface tweaks.

    i can't find anything strange on hijackthis logs, but sometimes my webcam turn that green light on. yes, that little led that only turns on when some program opens the webcam device. that's really weird and i'm not comfortable with that, would someone please have a look at my logs and tell me if there's something that could be wrong? i'm almost sure every entry in the log was something i installed myself, but what if some of them are infected? these logs won't tell, right? there's no other strange behaviour besides the webcam thing.

    thank you very much for your time spent on my logs =D





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:37:16, on 29/6/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avast4\aswUpdSv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\Program Files\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATK Hotkey\Hcontrol.exe
    C:\Program Files\ATKOSD2\ATKOSD2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\ASUSTPE.exe
    C:\Program Files\Ext2Fsd\Ext2Mgr.exe
    C:\PROGRA~1\Avast4\ashDisp.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Dokan\DokanLibrary\mounter.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATK Hotkey\ATKOSD.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\BurnAware Free\NMSAccess32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\StkCSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\AutoHotkey\AutoHotkey.exe
    C:\Documents and Settings\valter\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\ATK Hotkey\WDC.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Avast4\ashWebSv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\FreeShade.exe
    C:\Documents and Settings\valter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\valter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\valter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\valter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\Program Files\Virtual Dimension\VirtualDimension.exe
    C:\Documents and Settings\valter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\valter\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Documents and Settings\valter\Application Data\Dropbox\bin\Dropbox.exe
    D:\valter\Documents\AutoHotkey_expose.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
    O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
    O4 - HKLM\..\Run: [Ext2 Volume Manager] "C:\Program Files\Ext2Fsd\Ext2Mgr.exe" -quiet
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\valter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [FreeShade] freeshade.exe
    O4 - HKCU\..\Run: [Virtual Dimension] C:\Program Files\Virtual Dimension\VirtualDimension.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: AutoHotkey.lnk = C:\Program Files\AutoHotkey\AutoHotkey.exe
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\valter\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Startup: Expose.lnk = D:\documents\valter\AutoHotkey_Expose.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DokanMounter - Unknown owner - C:\Program Files\Dokan\DokanLibrary\mounter.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\BurnAware Free\NMSAccess32.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    --

  2. #2
    Moderator (global) Team-Mitglied Avatar von Jintan
    Registriert seit
    25.11.2006
    Beiträge
    6.223

    Re: webcam turns on by itself

    Welcome to HijackThis.de valtert,

    No infection showing in this log, and doesn't really sound like something malware would normally do. Even before looking at your log, while reading your info about your problem my first thought was "Skype". And sure enough, you have that installed there, as does at least one other person who posted on this same issue, and also posted a HijackThis log. Why not see if Skype has some setting there you can see as the culprit in this.

    On other idea is that Windows turned off the webcam as a power-saving measure, and re-enable it once that power situation was resolved. If you right click My Computer - click Manage - Device Manager. Locate and double-click the webcam in that list if it shows there. Then see if there is a Power Management tab, and if it is checked, uncheck:

    Allow the computer to turn off this device to save power.

    Then click OK, close the Device Manager display and reboot. Perhaps that will resolve the issue.
    Lebe den Tag!

    Jintan - Die Marke, bei der alles stimmt!

  3. #3
    Einsteiger
    Registriert seit
    29.06.2010
    Beiträge
    2

    Re: webcam turns on by itself

    Hi Jintan, thanks for your quick response!

    I've been experimenting once the cam was on by itself, and i started killing all processes so i could find the guilty one. And after killing most processes, i decided to close my browser (google chrome, as in logs) and my webcam led turned off.

    I have that little plugin that makes video work on gtalk inside gmail, and now i think maybe that's its fault.

    C:\Documents and Settings\valter\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe

    Next time it happens i'll try to kill only this process and i'll let you know what happens =)

    I've checked the device properties of the webcam but theres no power management options, though power capabilities shows the following items: PDCAP_D0_SUPPORTED, PDCAP_D3_SUPPORTED, PDCAP_WAKE_FROM_D0_SUPPORTED being S0 mapped to D0 and all other states to D3. I was running on batteries before it turned on by itself and i even got it to sleep, so maybe it has something to do with power management. I'll keep an eye on it too!

    Thank you very much for your support!

  4. #4
    Moderator (global) Team-Mitglied Avatar von Jintan
    Registriert seit
    25.11.2006
    Beiträge
    6.223

    Re: webcam turns on by itself

    Those power options had me checking the info here, and here, just to be sure I knew those options and their uses. But that Google idea seems a good one to check. Please post back an update here so others might benefit from this info.
    Lebe den Tag!

    Jintan - Die Marke, bei der alles stimmt!

Aktive Benutzer

Aktive Benutzer

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Ähnliche Themen

  1. Windows Vista My pc turns off abruptly while I'm using it
    Von Alex00 im Forum English-Help
    Antworten: 6
    Letzter Beitrag: 13.03.2010, 23:03
  2. Webcam-Problem
    Von Birgit im Forum Archiv
    Antworten: 0
    Letzter Beitrag: 02.08.2008, 12:20
  3. Computers turns off when I run a virus scan
    Von Endloh im Forum Archiv
    Antworten: 15
    Letzter Beitrag: 17.05.2008, 01:27
  4. Webcam Problem
    Von Matrixmaster im Forum Vista-Archiv
    Antworten: 6
    Letzter Beitrag: 06.08.2007, 11:29
  5. Windows Update turns itself off !?
    Von TheKo im Forum Archiv
    Antworten: 9
    Letzter Beitrag: 06.08.2005, 23:14

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •