Everything about Mac OSX & Linux: Mac infected according to Telekom abuse team: how to detect and remove APT and xcodeghost?
For all questions about Mac OSX, Linux and other Unix derivatives.
01.11.2015, 11:30 | #1 |
Mac infected according to Telekom abuse team: how to detect and remove APT and xcodeghost?

Hello dear forum members and experts,

my Mac (yes, that's right, a Mac) appears to be infected with malware. This follows from two official information e-mails from the Deutsche Telekom abuse team that I received. I asked, and these are genuine e-mails with notices, so there really does seem to be something at work on my Mac that does not belong there.

Problem: the Telekom technicians could only establish the infection, but could not give a recommendation for fixing it. Only the name of the threat is listed and this recommendation is given:

+++
1. Please make sure that your computer is free of viruses and Trojans. Please use protection software of your choice for this.
2. Then change all passwords:
- the 'Personal password' (for dialling in to the Internet)
- the 'Password' (for the e-mail and customer centre)
- the 'E-mail password' (for e-mail programs such as Microsoft Outlook)
for the services of Deutsche Telekom. You can do this centrally in the customer centre at https://kundencenter.telekom.de. Do not forget any passwords for online banking, eBay, Amazon, PayPal and so on, if you use such services.
3. Please also check your computer's settings to see whether the operating system and the installed software are up to date.

The order is important, because otherwise the new passwords could immediately be read out again by third parties if existing malware has not been removed first. If you need support with this, you can reach us Monday to Friday from 08:00 to 18:00 directly on the free phone number 0800 5544 300. Please have your abuse ID and access number, which you will find in the subject line, ready. ... On our page https://abusefaq.telekom.de/faq.html we have put together many helpful tips and links on the topic of "security" for you.
+++

Well, and since I work on a Mac, this FAQ is unfortunately only of limited help:
- The recommendation for the EU-Cleaner from botfrei is out, since it seems to be available only for PC: https://www.botfrei.de/telekom/
- The software Malwarebytes for MAC apparently looks more for adware: https://de.malwarebytes.org/antimalware/mac/

Only: my Mac shows no loss of performance or abnormal behaviour whatsoever. So before I wildly "test" further software, I would rather ask here in the forum first.

My questions:
What threat do APT and xcodeghost pose?
How do I detect this malware?
How do I remove it, i.e. with which tools?
What should I do next after the removal?
How can I prevent a renewed infection?

Thank you for helpful pointers.
Regards
D-O-M

By the way, xcodeghost is already being discussed here: XcodeGhost: Apple veröffentlicht "Top 25" de? | Forum - heise online
The damage caused by it seems to be rather small. None of the apps from the list of suspicious apps is on my machine either.

hxxp://www.heise.de/forum/Mac-i/News-Kommentare/XcodeGhost-Apple-veroeffentlicht-Top-25-der-infizierten-Apps/forum-246635/ xcodeghost is already being discussed here. The damage caused by this malware, however, seems to be very limited.
01.11.2015, 14:44 | #2 |
/// Mac Expert | Mac infected according to Telekom abuse team: how to detect and remove APT and xcodeghost?
Hi,
__________________EtreCheck Log
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts. To put the log files in a CODE box, proceed as follows:
__________________
01.11.2015, 18:26 | #3 |
EtreCheck evaluation
Hello Dante12,
thank you for the quick reply. Here is the result from EtreCheck:
Code:
EtreCheck version: 2.6.3 (223)
Report generated 01.11.15 18:24
Runtime 1:58
Download EtreCheck from hxxp://etresoft.com/etrecheck

Click the [Click for support] links for help with non-Apple products.
Click the [Click for details] links for more information about that line.

Check Apple signatures: Disabled
Ignore known Apple failures: Disabled
Hide Apple tasks: Disabled

Hardware Information: (What does this mean?)
    MacBook Pro (15-inch, Late 2008)
    [Click for Technical Specifications]
    [Click for User Guide]
    MacBook Pro - model: MacBookPro5,1
    1 2.4 GHz Intel Core 2 Duo CPU: 2-core
    8 GB RAM
        BANK 0/DIMM0
            4 GB DDR3 1067 MHz ok
        BANK 0/DIMM1
            4 GB DDR3 1067 MHz ok
    Bluetooth: Old - Handoff/Airdrop2 not supported
    Wireless: en1: 802.11 a/b/g/n
    Battery: Health = Normal - Cycle count = 114 - SN = W042501KF6G1A

Video Information: (What does this mean?)
    NVIDIA GeForce 9400M - VRAM: 256 MB
    Color LCD 1440 x 900
    NVIDIA GeForce 9600M GT - VRAM: 256 MB

System Software: (What does this mean?)
    OS X Mountain Lion 10.8.5 (12F2560) - Time since boot: about 13 days

Disk Information: (What does this mean?)
    Samsung SSD 840 PRO Series disk0 : (256,06 GB) (Solid State - TRIM: No)
        disk0s1 (disk0s1) <not mounted> : 210 MB
        Macintosh_SSD (disk0s2) / : 255.20 GB (26.20 GB free)
        Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
    ST9500423AS disk1 : (500,11 GB) (Rotational)
        disk1s1 (disk1s1) <not mounted> : 210 MB
        Macintosh_HD (disk1s2) /Volumes/Macintosh_HD : 499.76 GB (212.61 GB free)

USB Information: (What does this mean?)
    Apple Inc. Built-in iSight
    Apple, Inc. Apple Internal Keyboard / Trackpad
    Apple Computer, Inc. IR Receiver
    Apple Inc. BRCM2046 Hub
    Apple Inc. Bluetooth USB Host Controller

Configuration files: (What does this mean?)
    /etc/hosts - Count: 7

Gatekeeper: (What does this mean?)
    Mac App Store and identified developers

Kernel Extensions: (What does this mean?)
    /Applications/KeyRemap4MacBook.app
        [loaded] org.pqrs.driver.KeyRemap4MacBook (8.4.0 - SDK 10.8) [Click for support]

    /Library/Extensions
        [not loaded] com.wacom.kext.ftdi (1 - SDK 10.10) [Click for support]

    /System/Library/Extensions
        [loaded] at.obdev.nke.LittleSnitch (4352 - SDK 10.8) [Click for support]
        [not loaded] com.microsoft.driver.MicrosoftMouse (8.2) [Click for support]
        [loaded] com.parallels.kext.prl_usb_connect (7.0 15107.796624) [Click for support]
        [loaded] com.vara.driver.VaraAudio (1.0.3) [Click for support]
        [not loaded] com.wacom.kext.wacomtablet (6.3.11 - SDK 10.9) [Click for support]
        [loaded] net.telestream.driver.TelestreamAudio (1.1.0 - SDK 10.8) [Click for support]

    /System/Library/Extensions/MicrosoftMouse.kext/Contents/PlugIns
        [not loaded] com.microsoft.driver.MicrosoftMouseBluetooth (8.2) [Click for support]
        [not loaded] com.microsoft.driver.MicrosoftMouseUSB (8.2) [Click for support]

    /Volumes/Macintosh_HD/Applications/Toast 9 Titanium/Toast Titanium.app
        [not loaded] com.elgato.driver.Pluto2 (1.1) [Click for support]
        [not loaded] com.roxio.BluRaySupport (1.1.6) [Click for support]
        [not loaded] com.roxio.TDIXController (1.7) [Click for support]

    /Volumes/Macintosh_HD/Applications/Transmit.app
        [not loaded] com.panic.TransmitDisk.transmitdiskfs (4.0.0 - SDK 10.6) [Click for support]

    /Volumes/Macintosh_HD/Applications/Utilities/DiskWarrior.app
        [not loaded] com.alsoft.Preview (4.4) [Click for support]

    /Volumes/Macintosh_HD/Library/Parallels/Parallels Service.app
        [loaded] com.parallels.kext.prl_hid_hook (7.0 15107.796624) [Click for support]
        [loaded] com.parallels.kext.prl_hypervisor (7.0 15107.796624) [Click for support]
        [loaded] com.parallels.kext.prl_netbridge (7.0 15107.796624) [Click for support]
        [loaded] com.parallels.kext.prl_vnic (7.0 15107.796624) [Click for support]

System Launch Agents: (What does this mean?)
    [loaded] com.apple.AOSNotificationOSX.plist
    [loaded] com.apple.AOSPushRelay.plist
    [loaded] com.apple.AddressBook.AssistantService.plist
    [loaded] com.apple.AddressBook.SourceSync.plist
    [loaded] com.apple.AddressBook.abd.plist
    [loaded] com.apple.AirPlayUIAgent.plist
    [running] com.apple.AirPortBaseStationAgent.plist
    [loaded] com.apple.AppleGraphicsWarning.plist
    [loaded] com.apple.BezelUI.plist
    [running] com.apple.CalendarAgent.plist
    [loaded] com.apple.ContainerRepairAgent.plist
    [loaded] com.apple.CoreLocationAgent.plist
    [loaded] com.apple.CoreRAIDAgent.plist
    [loaded] com.apple.DiskArbitrationAgent.plist
    [running] com.apple.Dock.plist
    [loaded] com.apple.FTCleanup.plist
    [loaded] com.apple.FileSyncAgent.PHD.plist
    [running] com.apple.Finder.plist
    [loaded] com.apple.FontRegistryUIAgent.plist
    [loaded] com.apple.FontValidator.plist
    [loaded] com.apple.FontValidatorConduit.plist
    [loaded] com.apple.FontWorker.plist
    [loaded] com.apple.KerberosHelper.LKDCHelper.plist
    [running] com.apple.LaunchServices.lsboxd.plist
    [running] com.apple.NetworkBrowserAgent.plist
    [loaded] com.apple.NetworkDiagnostics.plist
    [loaded] com.apple.PCIESlotCheck.plist
    [loaded] com.apple.PackageKit.InstallStatus.plist
    [loaded] com.apple.PubSub.Agent.plist
    [loaded] com.apple.ReclaimSpaceAgent.plist
    [loaded] com.apple.RemoteDesktop.plist
    [loaded] com.apple.ReportCrash.Self.plist
    [loaded] com.apple.ReportCrash.plist
    [loaded] com.apple.ReportGPURestart.plist
    [loaded] com.apple.ReportPanic.plist
    [loaded] com.apple.SSInvitationAgent.plist
    [loaded] com.apple.SafariNotificationAgent.plist
    [loaded] com.apple.ScreenReaderUIServer.plist
    [loaded] com.apple.ServiceManagement.LoginItems.plist
    [loaded] com.apple.SocialPushAgent.plist
    [loaded] com.apple.SubmitDiagInfo.plist
    [loaded] com.apple.SubmitDiagInfo.xpc.plist
    [running] com.apple.SystemUIServer.plist
    [loaded] com.apple.TMLaunchAgent.plist
    [loaded] com.apple.TrustEvaluationAgent.plist
    [running] com.apple.UserEventAgent-Aqua.plist
    [loaded] com.apple.UserEventAgent-LoginWindow.plist
    [loaded] com.apple.UserNotificationCenterAgent-LoginWindow.plist
    [loaded] com.apple.UserNotificationCenterAgent.plist
    [loaded] com.apple.VoiceOver.plist
    [loaded] com.apple.WebKit.PluginAgent.plist
    [loaded] com.apple.ZoomWindow.plist
    [running] com.apple.accountsd.plist
    [failed] com.apple.afpstat.plist [Click for details]
    [loaded] com.apple.alf.useragent.plist
    [loaded] com.apple.aos.migrate.plist
    [loaded] com.apple.appstoreupdateagent.plist
    [loaded] com.apple.apsctl.plist
    [loaded] com.apple.assistant_service.plist
    [running] com.apple.assistantd.plist
    [loaded] com.apple.bluetoothAudioAgent.plist
    [loaded] com.apple.bluetoothUIServer.plist
    [loaded] com.apple.btsa.plist
    [loaded] com.apple.cfnetwork.AuthBrokerAgent.plist
    [loaded] com.apple.cfnetwork.cfnetworkagent.plist
    [running] com.apple.cfprefsd.xpc.agent.plist
    [running] com.apple.cookied.plist
    [loaded] com.apple.coredata.externalrecordswriter.plist
    [running] com.apple.coreservices.appleid.authentication.plist
    [loaded] com.apple.coreservices.uiagent.plist
    [loaded] com.apple.csuseragent.plist
    [loaded] com.apple.cvmsCompAgent_i386.plist
    [loaded] com.apple.cvmsCompAgent_i386_1.plist
    [running] com.apple.cvmsCompAgent_x86_64.plist
    [running] com.apple.cvmsCompAgent_x86_64_1.plist
    [running] com.apple.distnoted.xpc.agent.plist
    [loaded] com.apple.familycontrols.useragent.plist
    [loaded] com.apple.findmymacmessenger.plist
    [running] com.apple.fontd.useragent.plist
    [loaded] com.apple.gamed.plist
    [running] com.apple.helpd.plist
    [loaded] com.apple.iChat.Theater.plist
    [running] com.apple.imagent.plist
    [loaded] com.apple.imklaunchagent.plist
    [loaded] com.apple.installd.user.plist
    [loaded] com.apple.isst.plist
    [loaded] com.apple.java.InstallOnDemand.plist
    [loaded] com.apple.java.updateSharing.plist
    [running] com.apple.librariand.plist
    [loaded] com.apple.locationmenu.plist
    [loaded] com.apple.lookupd.plist
    [loaded] com.apple.marcoagent.plist
    [loaded] com.apple.maspushagent.plist
    [loaded] com.apple.mdmclient.agent.plist
    [loaded] com.apple.mdworker.32bit.plist
    [loaded] com.apple.mdworker.bundles.plist
    [loaded] com.apple.mdworker.isolation.plist
    [loaded] com.apple.mdworker.lsb.plist
    [loaded] com.apple.mdworker.mail.plist
    [loaded] com.apple.mdworker.shared.plist
    [loaded] com.apple.mdworker.single.plist
    [loaded] com.apple.metadata.mdwrite.plist
    [loaded] com.apple.midiserver.plist
    [failed] com.apple.mrt.uiagent.plist
    [loaded] com.apple.netauth.user.auth.plist
    [loaded] com.apple.netauth.user.gui.plist
    [running] com.apple.notificationcenterui.plist
    [loaded] com.apple.parentalcontrols.check.plist
    [running] com.apple.pboard.plist
    [running] com.apple.pbs.plist
    [loaded] com.apple.pictd.plist
    [loaded] com.apple.printtool.agent.plist
    [loaded] com.apple.printuitool.agent.plist
    [loaded] com.apple.quicklook.32bit.plist
    [loaded] com.apple.quicklook.config.plist
    [running] com.apple.quicklook.plist
    [loaded] com.apple.quicklook.ui.helper.plist
    [loaded] com.apple.rcd.plist
    [loaded] com.apple.safaridavclient.plist
    [loaded] com.apple.scopedbookmarkagent.xpc.plist
    [loaded] com.apple.screensharing.MessagesAgent.plist
    [loaded] com.apple.screensharing.agent.plist
    [loaded] com.apple.scrod.plist
    [loaded] com.apple.sociald.plist
    [loaded] com.apple.speech.feedbackservicesserver.plist
    [loaded] com.apple.speech.recognitionserver.plist
    [loaded] com.apple.speech.synthesisserver.plist
    [loaded] com.apple.speech.voiceinstallerd.plist
    [loaded] com.apple.spindump_agent.plist
    [loaded] com.apple.store_helper.plist
    [loaded] com.apple.storeagent.plist
    [loaded] com.apple.syncdefaultsd.plist
    [loaded] com.apple.syncservices.SyncServer.plist
    [loaded] com.apple.syncservices.uihandler.plist
    [loaded] com.apple.systemprofiler.plist
    [running] com.apple.talagent.plist
    [running] com.apple.tccd.plist
    [loaded] com.apple.tiswitcher.plist
    [loaded] com.apple.twitterd.plist
    [running] com.apple.ubd.plist
    [loaded] com.apple.universalaccesscontrol.plist
    [loaded] com.apple.universalaccessd.plist
    [loaded] com.apple.unmountassistant.useragent.plist
    [running] com.apple.usernoted.plist
    [loaded] com.apple.weibod.plist
    [loaded] com.apple.xmigrationhelper.user.plist
    [loaded] org.openbsd.ssh-agent.plist

System Launch Daemons: (What does this mean?)
    [loaded] bootps.plist
    [loaded] com.apple.AOSNotificationFMM.plist
    [loaded] com.apple.AirPlayXPCHelper.plist
    [loaded] com.apple.AppleFileServer.plist
    [loaded] com.apple.CoreRAID.plist
    [loaded] com.apple.DiagnosticReportCleanUp.plist
    [loaded] com.apple.DumpGPURestart.plist
    [loaded] com.apple.DumpPanic.plist
    [running] com.apple.FileCoordination.plist
    [loaded] com.apple.FileSyncAgent.sshd.plist
    [loaded] com.apple.FontWorker.plist
    [loaded] com.apple.IFCStart.plist
    [loaded] com.apple.IOAccelMemoryInfoCollector.plist
    [loaded] com.apple.IOBluetoothUSBDFU.plist
    [loaded] com.apple.InternetSharing.plist
    [loaded] com.apple.Kerberos.digest-service.plist
    [loaded] com.apple.Kerberos.kadmind.plist
    [loaded] com.apple.Kerberos.kcm.plist
    [loaded] com.apple.Kerberos.kdc.plist
    [loaded] com.apple.Kerberos.kpasswdd.plist
    [running] com.apple.KernelEventAgent.plist
    [loaded] com.apple.ManagedClient.plist
    [loaded] com.apple.ManagedClient.startup.plist
    [loaded] com.apple.NetBootClientStatus.plist
    [loaded] com.apple.NetworkDiagnostics.plist
    [loaded] com.apple.NetworkLinkConditioner.plist
    [loaded] com.apple.ODSAgent.plist
    [loaded] com.apple.PCIELaneConfigTool.plist
    [loaded] com.apple.PasswordService.plist
    [loaded] com.apple.RFBEventHelper.plist
    [loaded] com.apple.RemoteDesktop.PrivilegeProxy.plist
    [loaded] com.apple.ReportCrash.Root.plist
    [loaded] com.apple.SCHelper.plist
    [loaded] com.apple.SecurityAgent.plist
    [loaded] com.apple.ServerPerfLog.aslmanager.plist
    [loaded] com.apple.ServerPerfLog.plist
    [loaded] com.apple.SystemStarter.plist
    [loaded] com.apple.TrustEvaluationAgent.system.plist
    [running] com.apple.UserEventAgent-System.plist
    [running] com.apple.UserNotificationCenter.plist
    [running] com.apple.WindowServer.plist
    [loaded] com.apple.activitymonitord.plist
    [loaded] com.apple.afpfs_afpLoad.plist
    [running] com.apple.afpfs_checkafp.plist
    [loaded] com.apple.airport.wps.plist
    [loaded] com.apple.airportPrefsUpdater.plist
    [loaded] com.apple.airportd.plist
    [loaded] com.apple.alf.agent.plist
    [loaded] com.apple.appleprofilepolicyd.plist
    [running] com.apple.apsd.plist
    [loaded] com.apple.aslmanager.plist
    [loaded] com.apple.atrun.plist
    [running] com.apple.audio.coreaudiod.plist
    [loaded] com.apple.auditd.plist
    [loaded] com.apple.authorizationhost.plist
    [running] com.apple.autofsd.plist
    [loaded] com.apple.automountd.plist
    [loaded] com.apple.avbdeviced.plist
    [loaded] com.apple.awacsd.plist
    [loaded] com.apple.backupd-attach.plist
    [loaded] com.apple.backupd-auto.plist
    [loaded] com.apple.backupd-wake.plist
    [loaded] com.apple.backupd.plist
    [running] com.apple.blued.plist
    [loaded] com.apple.bnepd.plist
    [loaded] com.apple.bsd.dirhelper.plist
    [running] com.apple.bsd.launchdadd.plist
    [running] com.apple.cfprefsd.xpc.daemon.plist
    [loaded] com.apple.cmio.AVCAssistant.plist
    [loaded] com.apple.cmio.AppleCameraAssistant.plist
    [loaded] com.apple.cmio.IIDCVideoAssistant.plist
    [loaded] com.apple.cmio.VDCAssistant.plist
    [loaded] com.apple.comsat.plist
    [running] com.apple.configd.plist
    [loaded] com.apple.configureLocalKDC.plist
    [running] com.apple.coreservices.appleevents.plist
    [loaded] com.apple.coreservices.appleid.passwordcheck.plist
    [running] com.apple.coreservicesd.plist
    [loaded] com.apple.corestorage.corestoraged.plist
    [loaded] com.apple.corestorage.corestoragehelperd.plist
    [running] com.apple.coresymbolicationd.plist
    [running] com.apple.cvmsServ.plist
    [running] com.apple.diskarbitrationd.plist
    [loaded] com.apple.diskmanagementd.plist
    [running] com.apple.distnoted.xpc.daemon.plist
    [loaded] com.apple.dnsextd.plist
    [loaded] com.apple.docsetinstalld.plist
    [loaded] com.apple.dpd.plist
    [loaded] com.apple.dspluginhelperd.plist
    [loaded] com.apple.dvdplayback.setregion.plist
    [running] com.apple.dynamic_pager.plist
    [loaded] com.apple.eapolcfg_auth.plist
    [loaded] com.apple.efax.plist
    [loaded] com.apple.efilogin-helper.plist
    [loaded] com.apple.emlog.plist
    [failed] com.apple.emond.aslmanager.plist [Click for details]
    [loaded] com.apple.emond.plist
    [loaded] com.apple.eppc.plist
    [loaded] com.apple.familycontrols.plist
    [loaded] com.apple.findmymac.plist
    [loaded] com.apple.findmymacmessenger.plist
    [loaded] com.apple.firmwaresyncd.plist
    [running] com.apple.fontd.plist
    [loaded] com.apple.fontmover.plist
    [running] com.apple.fseventsd.plist
    [loaded] com.apple.ftp-proxy.plist
    [loaded] com.apple.geod.plist
    [loaded] com.apple.getty.plist
    [loaded] com.apple.gkreport.plist
    [loaded] com.apple.gssd.plist
    [running] com.apple.hdiejectd.plist
    [running] com.apple.hidd.plist
    [loaded] com.apple.installd.plist
    [loaded] com.apple.kcproxy.plist
    [loaded] com.apple.kdumpd.plist
    [running] com.apple.kextd.plist
    [loaded] com.apple.kuncd.plist
    [loaded] com.apple.locate.plist
    [running] com.apple.locationd.plist
    [loaded] com.apple.lockd.plist
    [loaded] com.apple.locum.plist
    [running] com.apple.logind.plist
    [running] com.apple.loginwindow.plist
    [loaded] com.apple.loginwindow.secureerase.plist
    [running] com.apple.mDNSResponder.plist
    [loaded] com.apple.mDNSResponderHelper.plist
    [loaded] com.apple.mbicloudsetupd.plist
    [loaded] com.apple.mdmclient.daemon.plist
    [running] com.apple.metadata.mds.plist
    [loaded] com.apple.metadata.mds.scan.plist
    [loaded] com.apple.metadata.mds.spindump.plist
    [loaded] com.apple.mrt.plist
    [loaded] com.apple.msrpc.echosvc.plist
    [loaded] com.apple.msrpc.lsarpc.plist
    [loaded] com.apple.msrpc.mdssvc.plist
    [loaded] com.apple.msrpc.netlogon.plist
    [loaded] com.apple.msrpc.srvsvc.plist
    [loaded] com.apple.msrpc.wkssvc.plist
    [running] com.apple.mtmd.plist
    [running] com.apple.mtmfs.plist
    [loaded] com.apple.netauth.sys.auth.plist
    [loaded] com.apple.netauth.sys.gui.plist
    [running] com.apple.netbiosd.plist
    [running] com.apple.networkd.plist
    [loaded] com.apple.networkd_privileged.plist
    [loaded] com.apple.newsyslog.plist
    [loaded] com.apple.nfsconf.plist
    [loaded] com.apple.nfsd.plist
    [loaded] com.apple.nis.rpc.yppasswdd.plist
    [loaded] com.apple.nis.ypbind.plist
    [loaded] com.apple.nis.ypserv.plist
    [running] com.apple.notifyd.plist
    [running] com.apple.ocspd.plist
    [loaded] com.apple.odproxyd.plist
    [running] com.apple.opendirectoryd.plist
    [loaded] com.apple.periodic-daily.plist
    [loaded] com.apple.periodic-monthly.plist
    [loaded] com.apple.periodic-weekly.plist
    [loaded] com.apple.pfctl.plist
    [loaded] com.apple.platform.ptmd.plist
    [running] com.apple.powerd.plist
    [loaded] com.apple.preferences.timezone.admintool.plist
    [loaded] com.apple.preferences.timezone.auto.plist
    [loaded] com.apple.printtool.daemon.plist
    [loaded] com.apple.racoon.plist
    [loaded] com.apple.remotepairtool.plist
    [running] com.apple.revisiond.plist
    [loaded] com.apple.rpcbind.plist
    [loaded] com.apple.rpmuxd.plist
    [loaded] com.apple.sandboxd.plist
    [loaded] com.apple.screensharing.plist
    [loaded] com.apple.scsid.plist
    [loaded] com.apple.secd.plist
    [loaded] com.apple.security.FDERecoveryAgent.plist
    [running] com.apple.security.syspolicy.plist
    [running] com.apple.securityd.plist
    [loaded] com.apple.shutdown_monitor.plist
    [running] com.apple.sleepservicesd.plist
    [loaded] com.apple.smb.preferences.plist
    [loaded] com.apple.smbd.plist
    [loaded] com.apple.softwareupdatecheck.initial.plist
    [loaded] com.apple.softwareupdatecheck.periodic.plist
    [loaded] com.apple.spindump.plist
    [loaded] com.apple.spindump_symbolicator.plist
    [running] com.apple.stackshot.plist
    [loaded] com.apple.statd.notify.plist
    [loaded] com.apple.store_helper.recovery.plist
    [loaded] com.apple.storeagent.recovery.plist
    [loaded] com.apple.storereceiptinstaller.plist
    [loaded] com.apple.suhelperd.plist
    [running] com.apple.syslogd.plist
    [running] com.apple.sysmond.plist
    [loaded] com.apple.systemkeychain.plist
    [loaded] com.apple.systempreferences.installer.plist
    [loaded] com.apple.systempreferences.writeconfig.plist
    [loaded] com.apple.taskgated-helper.plist
    [running] com.apple.taskgated.plist
    [loaded] com.apple.ucupdate.plist
    [loaded] com.apple.uninstalld.plist
    [loaded] com.apple.unmountassistant.sysagent.plist
    [running] com.apple.usbmuxd.plist
    [loaded] com.apple.uucp.plist
    [loaded] com.apple.var-db-dslocal-backup.plist
    [loaded] com.apple.vsdbutil.plist
    [running] com.apple.warmd.plist
    [running] com.apple.wdhelper.plist
    [loaded] com.apple.webdavfs_load_kext.plist
    [loaded] com.apple.wifid.plist
    [loaded] com.apple.xpcd.plist
    [loaded] com.apple.xprotectupdater.plist
    [loaded] com.apple.xprotectupdaterinit.plist
    [loaded] com.apple.xsan.plist
    [loaded] com.apple.xsanmgrd.plist
    [loaded] com.apple.xscertadmin.plist
    [loaded] com.apple.xscertd-helper.plist
    [loaded] com.apple.xscertd.plist
    [loaded] com.danga.memcached.plist
    [loaded] com.vix.cron.plist
    [loaded] exec.plist
    [loaded] finger.plist
    [loaded] ftp.plist
    [loaded] login.plist
    [loaded] ntalk.plist
    [loaded] org.apache.httpd.plist
    [loaded] org.cups.cups-lpd.plist
    [running] org.cups.cupsd.plist
    [loaded] org.freeradius.radiusd.plist
    [loaded] org.isc.named.plist
    [loaded] org.net-snmp.snmpd.plist
    [running] org.ntp.ntpd.plist
    [loaded] org.openldap.slapd.plist
    [loaded] org.postfix.master.plist
    [loaded] org.postgresql.postgres_alt.plist
    [loaded] shell.plist
    [loaded] ssh.plist
    [loaded] telnet.plist
    [loaded] tftp.plist

Launch Agents: (What does this mean?)
    [running] at.obdev.LittleSnitchUIAgent.plist [Click for support]
    [loaded] com.adobe.AAM.Updater-1.0.plist [Click for support]
    [loaded] com.adobe.AdobeCreativeCloud.plist [Click for support]
    [loaded] com.parallels.DesktopControlAgent.plist [Click for support]
    [loaded] com.parallels.desktop.launch.plist [Click for support]
    [running] com.parallels.vm.prl_pcproxy.plist [Click for support]
    [loaded] com.teamviewer.teamviewer.plist [Click for support]
    [loaded] com.teamviewer.teamviewer_desktop.plist [Click for support]
    [running] com.wacom.wacomtablet.plist [Click for support]
    [loaded] com.xrite.device.softwareupdate.plist [Click for support]
    [failed] io.pyd.sync.launcher.plist [Click for support]
    [failed] io.pyd.sync.ui.plist [Click for support]
    [loaded] io.pyd.synchro.launcher.plist [Click for support]
    [loaded] org.pqrs.KeyRemap4MacBook.server.plist [Click for support]

Launch Daemons: (What does this mean?)
    [running] at.obdev.littlesnitchd.plist [Click for support]
    [loaded] com.adobe.SwitchBoard.plist [Click for support]
    [loaded] com.adobe.fpsaud.plist [Click for support]
    [loaded] com.bresink.system.securityagent3a.plist [Click for support]
    [loaded] com.microsoft.office.licensing.helper.plist [Click for support]
    [loaded] com.ovh.hubiCFinderPlugin.Installer.plist [Click for support]
    [running] com.parallels.desktop.launchdaemon.plist [Click for support]
    [loaded] com.teamviewer.Helper.plist [Click for support]
    [loaded] com.teamviewer.teamviewer_service.plist [Click for support]
    [running] com.xrite.device.xrdd.plist [Click for support]
    [loaded] org.cindori.AuthHelper.plist [Click for support]
    [loaded] org.cindori.TEAuth.plist [Click for support]
    [loaded] org.pqrs.KeyRemap4MacBook.load.plist [Click for support]

User Launch Agents: (What does this mean?)
    [loaded] com.adobe.AAM.Updater-1.0.plist [Click for support]
    [loaded] com.adobe.ARM.[...].plist [Click for support]
    [loaded] com.apple.AddressBook.ScheduledSync.PHXC...plist
    [loaded] com.google.keystone.agent.plist [Click for support]

User Login Items: (What does this mean?)
    iTunesHelper Programm (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
    ShadowSweeper Programm Hidden (/Applications/ShadowSweeper.app)
    Namely Programm Hidden (/Applications/Namely.app)
    TextExpander4.3.6 Programm Hidden (/Applications/TextExpander4.3.6.app)
    TotalFinder Programm (/Applications/TotalFinder.app)
    PowerboxInjector Programm (/Applications/PowerboxInjector.app)

Other Apps: (What does this mean?)
    [running] 0x7f9622c03ac0.anonymous.coreservicesd - Invalid signature!
    [running] 0x7f9622c04bb0.anonymous.apsd - Invalid signature!
    [running] 0x7f9622c04ea0.anonymous.loginwindow - Invalid signature!
    [running] 0x7f9622c051a0.anonymous.WindowServer - Invalid signature!
    [running] 0x7f9622c142c0.anonymous.loginwindow - Invalid signature!
    [running] 0x7f9622c14e00.anonymous.CVMServer - Invalid signature!
    [running] 0x7f9622c16020.anonymous.AdobeIPCBroker - Invalid signature!
    [running] 0x7f9622c17650.anonymous.prl_disp_servic - Invalid signature!
    [running] 0x7f9622c17950.anonymous.sh - Invalid signature!
    [running] 0x7f9622c18790.anonymous.com.apple.iClou - Invalid signature!
    [running] 0x7f9622c19fe0.anonymous.com.apple.dock. - Invalid signature!
    [running] 0x7f9622c1ad30.anonymous.AdobeCrashDaemo - Invalid signature!
    [running] 0x7f9622d064a0.anonymous.mds - Invalid signature!
    [running] 0x7f9622d23200.anonymous.Little Snitch D - Invalid signature!
    [running] 0x7f9622d247e0.anonymous.WindowServer - Invalid signature!
    [running] 0x7f9622d26e60.anonymous.diskarbitration - Invalid signature!
    [running] 0x7f9622d27ce0.anonymous.com.apple.secur - Invalid signature!
    [running] 0x7f9709c10760.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709c12b60.anonymous.diskimages-help - Invalid signature!
    [running] 0x7f9709c172e0.anonymous.Dock - Invalid signature!
    [running] 0x7f9709c175d0.anonymous.launchd - Invalid signature!
    [running] 0x7f9709c178c0.anonymous.launchd - Invalid signature!
    [running] 0x7f9709c17bb0.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709c21f30.anonymous.com.apple.dock. - Invalid signature!
    [running] 0x7f9709c22220.anonymous.launchd - Invalid signature!
    [running] 0x7f9709c22510.anonymous.com.apple.dock. - Invalid signature!
    [running] 0x7f9709c22810.anonymous.launchd - Invalid signature!
    [running] 0x7f9709c22b00.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709c2b510.anonymous.com.apple.iClou - Invalid signature!
    [running] 0x7f9709c2b810.anonymous.launchd - Invalid signature!
    [running] 0x7f9709c2bb00.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709c33100.anonymous.com.apple.audio - Invalid signature!
    [running] 0x7f9709c47650.anonymous.com.apple.secur - Invalid signature!
    [running] 0x7f9709c5ddb0.anonymous.loginwindow - Invalid signature!
    [running] 0x7f9709c5e0b0.anonymous.launchd - Invalid signature!
    [running] 0x7f9709c5e3a0.anonymous.launchd - Invalid signature!
    [running] 0x7f9709c5e690.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709c5e9a0.anonymous.CalendarAgent - Invalid signature!
    [running] 0x7f9709c5ed50.anonymous.com.apple.dock. - Invalid signature!
    [running] 0x7f9709c5f7d0.anonymous.launchd - Invalid signature!
    [running] 0x7f9709c5fac0.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709c61a60.anonymous.launchd - Invalid signature!
    [running] 0x7f9709c61e40.anonymous.imagent - Invalid signature!
    [running] 0x7f9709c63a80.anonymous.com.apple.Share - Invalid signature!
    [running] 0x7f9709c63d70.anonymous.com.apple.Share - Invalid signature!
    [running] 0x7f9709c64070.anonymous.launchd - Invalid signature!
    [running] 0x7f9709c64360.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709c6b2a0.anonymous.ubd - Invalid signature!
    [running] 0x7f9709c6bc40.anonymous.com.apple.secur - Invalid signature!
    [running] 0x7f9709c72150.anonymous.launchd - Invalid signature!
    [running] 0x7f9709c72440.anonymous.launchd - Invalid signature!
    [running] 0x7f9709c72730.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709c7c230.anonymous.com.apple.iClou - Invalid signature!
    [running] 0x7f9709c7c520.anonymous.launchd - Invalid signature!
    [running] 0x7f9709c7c810.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709d39b80.anonymous.prl_disp_servic - Invalid signature!
    [running] 0x7f9709d3ca20.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d3cd10.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d3d000.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709d3ffe0.anonymous.com.apple.secur - Invalid signature!
    [running] 0x7f9709d44210.anonymous.TextEdit - Invalid signature!
    [running] 0x7f9709d44500.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d447f0.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d44ae0.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709d459b0.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d4d470.anonymous.Preview - Invalid signature!
    [running] 0x7f9709d4d980.anonymous.imagent - Invalid signature!
    [running] 0x7f9709d4dc70.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d4df60.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d4e250.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709d520d0.anonymous.coreaudiod - Invalid signature!
    [running] 0x7f9709d5a940.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d5ac30.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709d5ed30.anonymous.com.apple.audio - Invalid signature!
    [running] 0x7f9709d5f030.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d5f320.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709d669c0.anonymous.CalendarAgent - Invalid signature!
    [running] 0x7f9709d66cc0.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d66fb0.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d672a0.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709d722c0.anonymous.diskimages-help - Invalid signature!
    [running] 0x7f9709d725c0.anonymous.com.apple.iClou - Invalid signature!
    [running] 0x7f9709d72bc0.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709d73600.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d7bb30.anonymous.com.apple.iClou - Invalid signature!
    [running] 0x7f9709d7c960.anonymous.Dock - Invalid signature!
    [running] 0x7f9709d7cc50.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d7cf40.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d7d230.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709d850b0.anonymous.com.apple.dock. - Invalid signature!
    [running] 0x7f9709d853a0.anonymous.TextEdit - Invalid signature!
    [running] 0x7f9709d85690.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d85980.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d85c70.anonymous.xpcd - Invalid signature!
    [running] 0x7f9709d8d210.anonymous.com.apple.secur - Invalid signature!
    [running] 0x7f9709d8d510.anonymous.launchd - Invalid signature!
    [running] 0x7f9709d8d800.anonymous.xpcd - Invalid signature!
    [running] [0x0-0xa6fa6f].com.apple.iTunesHelper - Invalid signature!
    [running] [0x0-0xa79a79].com.asagoo.namely
    [running] [0x0-0xa7aa7a].com.binaryage.totalfinder.agent
    [running] [0x0-0xa7ba7b].jp.cvz.PowerboxInjector
    [running] [0x0-0xa7ca7c].com.wacom.WacomTouchDriver
    [running] [0x0-0xa7fa7f].at.obdev.LittleSnitchNetworkMonitor
    [running] [0x0-0xa82a82].com.adobe.acc.AdobeDesktopService
    [running] [0x0-0xa83a83].com.wacom.TabletDriver
    [running] [0x0-0xa85a85].com.binaryage.totalfinder.crashwatcher
    [running] [0x0-0xa88a88].com.adobe.accmac
    [running] [0x0-0xa8da8d].com.apple.systemevents - Invalid signature!
    [running] [0x0-0xa8ea8e].com.apple.AppleSpell - Invalid signature!
    [running] [0x0-0xa8fa8f].com.etresoft.EtreCheck
    [running] [0x0-0xa95a95].com.apple.TextEdit - Invalid signature!
[loaded] com.apple.AppSandboxSMLoginItemEnabler - Invalid signature! [loaded] com.apple.CMValidateMovieDataReferenceService - Invalid signature! [loaded] com.apple.CoreText.FontDownloadHelper - Invalid signature! [loaded] com.apple.DataDetectors.DataDetectorsActionService - Invalid signature! [loaded] com.apple.HasTRB - Invalid signature! [loaded] com.apple.ImageKit.RecentPictureService - Invalid signature! [loaded] com.apple.PDFKit.PDFFileRefsValidator - Invalid signature! [loaded] com.apple.PerformanceAnalysis.animationperfd - Invalid signature! [loaded] com.apple.Preview.TrustedBookmarksService - Invalid signature! [loaded] com.apple.SafariServices - Invalid signature! [loaded] com.apple.SceneKit.C3DColladaResourcesCoordinator - Invalid signature! [loaded] com.apple.SecurityAgent.00000000-0000-0000-0000-0000000186A5 - Invalid signature! [loaded] com.apple.SecurityAgent.00000000-0000-0000-0000-0000000186F5 - Invalid signature! [running] com.apple.ShareKitHelper - Invalid signature! [loaded] com.apple.XType.FontHelper - Invalid signature! [loaded] com.apple.appkit.xpc.sandboxedServiceRunner - Invalid signature! [loaded] com.apple.audio.ComponentHelper - Invalid signature! [loaded] com.apple.audio.InfoHelper - Invalid signature! [loaded] com.apple.audio.SandboxHelper - Invalid signature! [loaded] com.apple.authorizationhost.00000000-0000-0000-0000-0000000186A0 - Invalid signature! [loaded] com.apple.authorizationhost.00000000-0000-0000-0000-0000000186A5 - Invalid signature! [loaded] com.apple.authorizationhost.00000000-0000-0000-0000-0000000186F5 - Invalid signature! [loaded] com.apple.automator.xpc.workflowServiceRunner - Invalid signature! [loaded] com.apple.cmio.registerassistantservice - Invalid signature! [loaded] com.apple.coremedia.videodecoder - Invalid signature! [loaded] com.apple.desktopservices.KeynoteConverterXPCService - Invalid signature! [loaded] com.apple.desktopservices.KeynoteConverterXPCService32 - Invalid signature! 
[loaded] com.apple.desktopservices.KeynoteConverterXPCService64 - Invalid signature! [loaded] com.apple.desktopservices.NumbersConverterXPCService - Invalid signature! [loaded] com.apple.desktopservices.NumbersConverterXPCService32 - Invalid signature! [loaded] com.apple.desktopservices.NumbersConverterXPCService64 - Invalid signature! [loaded] com.apple.desktopservices.PagesConverterXPCService - Invalid signature! [loaded] com.apple.desktopservices.PagesConverterXPCService32 - Invalid signature! [loaded] com.apple.desktopservices.PagesConverterXPCService64 - Invalid signature! [loaded] com.apple.dock.ecti - Invalid signature! [running] com.apple.dock.extra - Invalid signature! [loaded] com.apple.foundation.UserScriptService - Invalid signature! [loaded] com.apple.hiservices-xpcservice - Invalid signature! [running] com.apple.iCloudHelper - Invalid signature! [loaded] com.apple.imdmessageservices.IMDMessageServicesAgent - Invalid signature! [loaded] com.apple.imfoundation.IMRemoteURLConnectionAgent - Invalid signature! [loaded] com.apple.imtranscoding.IMTranscoderAgent - Invalid signature! [loaded] com.apple.imtransferservices.IMTransferAgent - Invalid signature! [loaded] com.apple.launchctl.Aqua - Invalid signature! [loaded] com.apple.launchctl.Background - Invalid signature! [loaded] com.apple.launchctl.System - Invalid signature! [running] com.apple.launchd.peruser.200 - Invalid signature! [loaded] com.apple.launchd.peruser.202 - Invalid signature! [running] com.apple.launchd.peruser.212 - Invalid signature! [loaded] com.apple.launchd.peruser.26 - Invalid signature! [running] com.apple.launchd.peruser.501 - Invalid signature! [running] com.apple.launchd.peruser.502 - Invalid signature! [running] com.apple.launchd.peruser.503 - Invalid signature! [running] com.apple.launchd.peruser.504 - Invalid signature! [running] com.apple.launchd.peruser.88 - Invalid signature! [running] com.apple.launchd.peruser.89 - Invalid signature! 
[running] com.apple.launchd.peruser.92 - Invalid signature! [loaded] com.apple.locum.1DA873B4-0A53-49CB-BD49-E41D74A42B79 - Invalid signature! [loaded] com.apple.locum.235A3BAE-03F3-4C5B-A9B6-19BC904C04C1 - Invalid signature! [loaded] com.apple.locum.4B1FBA1C-871D-4263-A3CA-70DC73D6E1D7 - Invalid signature! [loaded] com.apple.locum.D4AC0E00-CE96-4316-8BBB-2660ABAB02B3 - Invalid signature! [loaded] com.apple.mdworker.32bit.01000000-0000-0000-0000-000000000000 - Invalid signature! [loaded] com.apple.mdworker.lsb.01000000-0000-0000-0000-000000000000 - Invalid signature! [loaded] com.apple.mdworker.shared.01000000-0000-0000-0000-000000000000 - Invalid signature! [running] com.apple.mdworker.shared.02000000-0000-0000-0000-000000000000 - Invalid signature! [loaded] com.apple.mdworker.shared.03000000-0000-0000-0000-000000000000 - Invalid signature! [loaded] com.apple.mdworker.shared.04000000-0000-0000-0000-000000000000 - Invalid signature! [loaded] com.apple.mdworker.single.08000000-0000-0000-0000-000000000000 - Invalid signature! [loaded] com.apple.qtkitserver - Invalid signature! [loaded] com.apple.qtkittrustedmoviesservice - Invalid signature! [loaded] com.apple.security.XPCKeychainSandboxCheck - Invalid signature! [loaded] com.apple.security.XPCTimeStampingService - Invalid signature! [loaded] com.apple.security.pboxd - Invalid signature! [loaded] com.apple.speech.synthesis.activityd - Invalid signature! [running] com.apple.xpcd.CA000000-0000-0000-0000-000000000000 - Invalid signature! [running] com.apple.xpcd.F5010000-0000-0000-0000-000000000000 - Invalid signature! [running] com.apple.xpcd.F6010000-0000-0000-0000-000000000000 - Invalid signature! [running] com.github.norio-nomura.SIMBL-Agent [running] com.parallels.vm.prl_naptd Internet Plug-ins: (What does this mean?) 
    Unity Web Player: Version: UnityPlayer version 4.5.5f1 - SDK 10.6 [Click for support]
    AdobeExManDetect: Version: AdobeExManDetect 1.1.0.0 - SDK 10.7 [Click for support]
    Flip4Mac WMV Plugin: Version: 2.4.4.2 [Click for support]
    WacomTabletPlugin: Version: WacomTabletPlugin 2.1.0.6 - SDK 10.9 [Click for support]
    AdobeAAMDetect: Version: 3.0.0.0 - SDK 10.9 [Click for support]
    FlashPlayer-10.6: Version: 19.0.0.226 - SDK 10.6 [Click for support]
    AdobePDFViewerNPAPI: Version: 11.0.0 - SDK 10.6 [Click for support]
    Flash Player: Version: 19.0.0.226 - SDK 10.6 [Click for support]
    QuickTime Plugin: Version: 7.7.1
    PepperFlashPlayer: Version: 18.0.0.232 - SDK 10.6 [Click for support]
    SharePointBrowserPlugin: Version: 14.5.5 - SDK 10.6 [Click for support]
    AdobePDFViewer: Version: 11.0.0 - SDK 10.6 [Click for support]
    JavaAppletPlugin: Version: 14.9.0 - SDK 10.7 Check version

3rd Party Preference Panes: (What does this mean?)
    Flash Player [Click for support]
    Flip4Mac WMV [Click for support]
    Microsoft Mouse [Click for support]
    SneakPeek Pro [Click for support]
    TimeMachineScheduler [Click for support]
    WacomTablet [Click for support]

Time Machine: (What does this mean?)
    Skip System Files: NO
    Mobile backups: ON
    Auto backup: YES
    Volumes being backed up:
        Macintosh_SSD: Disk size: 255.20 GB Disk used: 229.00 GB
    Destinations:
        TimeCapsule [Network]
        Total size: 997.71 GB
        Total number of backups: 27
        Oldest backup: 14.02.15 15:36
        Last backup: 29.10.15 22:20
        Size of backup disk: Excellent
            Backup size 997.71 GB > (Disk size 255.20 GB X 3)
        backup_office [Local]
        Total size: 999.86 GB
        Total number of backups: 14
        Oldest backup: 11.03.15 16:50
        Last backup: 29.10.15 23:16
        Size of backup disk: Excellent
            Backup size 999.86 GB > (Disk size 255.20 GB X 3)

Top Processes by CPU: (What does this mean?)
    13% firefox
    5% WindowServer
    4% thunderbird
    3% fontd(2)
    3% UserNotificationCenter

Top Processes by Memory: (What does this mean?)
    549 MB thunderbird
    541 MB firefox
    311 MB mds
    188 MB Finder(2)
    131 MB WindowServer

Virtual Memory Information: (What does this mean?)
    2.45 GB Free RAM
    5.55 GB Used RAM
    123 MB Swap Used

Diagnostics Information: (What does this mean?)
    Nov 1, 2015, 06:21:38 PM /Library/Logs/DiagnosticReports/WacomTabletDriver_2015-11-01-182138_[redacted].crash |
01.11.2015, 23:40 | #4 | ||
/// Mac Expert | Mac infected according to the Telekom Abuse Team: how to detect & remove APT and xcodeghost?
Nothing points to an infection.
One question up front: are you a developer, and do you write programs with Xcode? If not, you have no way of checking which apps are infected with XcodeGhost. The apps are already checked in the App Store; at most you can check the versions (if any of the apps shown in the link below are present on your machine).
The list of affected apps and what you should do
Step 1
Check the following connections (with LittleSnitch this should not be a problem). Connections made by XcodeGhost (URL):
Quote:
Quote:
Code:
sudo lsof -i
In the next run, let the output run for about 30 lines and stop it with CTRL + C.
Code:
sudo tcpdump -i en0
Please do the same with the following run:
Code:
sudo tcpdump -i en1
__________________
-----------------
- Regards, dante12
-----------------
Praise, criticism, requests? Donate to trojaner-board? |
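The Step 1 check above, automated as an added example (not part of the original post): it parses `sudo lsof -i` and `sudo tcpdump -v` output and reports remote hosts and DNS queries that match a watchlist. The watchlist entry, the sample output and all function names are constructed for illustration; the URLs quoted in the post are not reproduced here.

```python
import re

# Constructed placeholder watchlist. The URLs quoted in the post did not
# survive on the page, so this .example name stands in for them.
WATCHLIST = {"c2-placeholder.example"}

# Constructed sample in the column layout printed by `sudo lsof -i`.
SAMPLE_LSOF = """\
COMMAND     PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
launchd       1 root   28u  IPv6 0xaaaaaaaaaaaaaaa1      0t0  TCP localhost:ipp (LISTEN)
mDNSRespo    61 _mdnsresponder 8u IPv4 0xaaaaaaaaaaaaaaa2 0t0 UDP *:mdns
mailapp    6093 alice  22u  IPv4 0xaaaaaaaaaaaaaaa3      0t0  TCP 10.0.1.9:52121->imap.mail.example:imaps (ESTABLISHED)
someapp    7001 alice  31u  IPv4 0xaaaaaaaaaaaaaaa4      0t0  TCP 10.0.1.9:52500->init.c2-placeholder.example:http (ESTABLISHED)
someapp    7001 alice  32u  IPv4 0xaaaaaaaaaaaaaaa5      0t0  TCP 10.0.1.9:52501->198.51.100.7:https (CLOSE_WAIT)
"""

# Constructed sample in the two-lines-per-packet layout of `sudo tcpdump -i en1 -v`.
SAMPLE_TCPDUMP = """\
21:13:53.052723 IP (tos 0x0, ttl 255, id 49382, offset 0, flags [none], proto UDP (17), length 64)
    10.0.1.9.64522 > 10.0.1.1.domain: 48526+ A? cdn.vendor.example. (36)
21:13:53.070448 IP (tos 0x0, ttl 64, id 4603, offset 0, flags [none], proto UDP (17), length 80)
    10.0.1.1.domain > 10.0.1.9.64522: 48526 1/0/0 cdn.vendor.example. A 198.51.100.20 (52)
21:13:58.522908 IP (tos 0x0, ttl 255, id 11995, offset 0, flags [none], proto UDP (17), length 73)
    10.0.1.9.49285 > 10.0.1.1.domain: 10371+ A? init.c2-placeholder.example. (45)
"""

# A DNS query as tcpdump prints it: "<client>.<port> > <resolver>.domain: <id>+ <TYPE>? <name>. (<len>)"
DNS_QUERY = re.compile(
    r"(\S+)\.\d+ > \S+\.domain: \d+[+%]* (?:\[[^\]]*\] )?([A-Z]+)\? (\S+?)\.? \("
)


def normalize(host):
    """Lower-case a host name, dropping IPv6 brackets and a trailing dot."""
    return host.strip("[]").rstrip(".").lower()


def on_watchlist(host, watchlist=WATCHLIST):
    """True if host is a watchlisted domain or one of its subdomains."""
    host = normalize(host)
    return any(host == d or host.endswith("." + d) for d in watchlist)


def parse_lsof(text):
    """Return one dict per socket that has a remote endpoint (NAME contains '->')."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        # Skip the header, short lines, listeners and unconnected UDP sockets.
        if len(f) < 9 or f[0] == "COMMAND" or "->" not in f[8]:
            continue
        host, _, port = f[8].split("->", 1)[1].rpartition(":")
        conns.append({
            "command": f[0],
            "pid": int(f[1]),
            "user": f[2],
            "proto": f[7],  # lsof -i puts TCP/UDP in the NODE column
            "remote_host": normalize(host),
            "remote_port": port,
            "state": f[9].strip("()") if len(f) > 9 else "",
        })
    return conns


def parse_dns_queries(text):
    """Return (client, qtype, name) for every DNS query; responses are ignored."""
    return [(m.group(1), m.group(2), normalize(m.group(3)))
            for m in DNS_QUERY.finditer(text)]


def find_hits(lsof_text, tcpdump_text, watchlist=WATCHLIST):
    """Match both data sources against the watchlist."""
    return {
        "connections": [c for c in parse_lsof(lsof_text)
                        if on_watchlist(c["remote_host"], watchlist)],
        "dns": [q for q in parse_dns_queries(tcpdump_text)
                if on_watchlist(q[2], watchlist)],
    }


if __name__ == "__main__":
    hits = find_hits(SAMPLE_LSOF, SAMPLE_TCPDUMP)
    for c in hits["connections"]:
        print("connection:", c["command"], c["pid"], c["remote_host"], c["state"])
    for client, qtype, name in hits["dns"]:
        print("dns query: ", client, qtype, name)
```

`lsof` prints reverse-resolved names, so a watchlisted domain hosted at a CDN can show up under the provider's name; the DNS queries captured by `tcpdump` are the more reliable match, and `lsof -i -n` shows raw addresses instead.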
02.11.2015, 21:20 | #5 |
| As requested, without knowing exactly what I am doing here ... ;-)
Entering sudo lsof -i produced this result:
Code:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
launchd 1 root 20u IPv4 0xec6869035982c5a7 0t0 UDP *:netbios-ns
launchd 1 root 21u IPv4 0xec6869035982c407 0t0 UDP *:netbios-dgm
launchd 1 root 28u IPv6 0xec6869035b1b8527 0t0 TCP localhost:ipp (LISTEN)
launchd 1 root 29u IPv4 0xec6869035b1ba447 0t0 TCP localhost:ipp (LISTEN)
UserEvent 11 root 161u IPv4 0xec6869035982ad47 0t0 UDP *:*
configd 17 root 11u IPv6 0xec6869035982c267 0t0 UDP *:*
configd 17 root 19u IPv4 0xec6869035982bbe7 0t0 UDP *:*
configd 17 root 23u IPv4 0xec6869035982a1e7 0t0 UDP *:*
configd 17 root 25u IPv4 0xec6869035982a047 0t0 UDP *:*
configd 17 root 27u IPv4 0xec68690359829ea7 0t0 UDP *:*
configd 17 root 34u IPv6 0xec6869035d35b5a7 0t0 ICMPV6 *:*
ntpd 41 root 20u IPv4 0xec6869035982aee7 0t0 UDP *:ntp
ntpd 41 root 21u IPv6 0xec6869035bc9f227 0t0 UDP *:ntp
ntpd 41 root 22u IPv6 0xec6869035bcc7d87 0t0 UDP localhost:ntp
ntpd 41 root 23u IPv4 0xec6869035bcc7be7 0t0 UDP localhost:ntp
ntpd 41 root 24u IPv6 0xec6869035bcc7a47 0t0 UDP localhost:ntp
ntpd 41 root 25u IPv6 0xec6869035bcc4cc7 0t0 UDP moonbase.local:ntp
ntpd 41 root 26u IPv4 0xec6869035bcc7227 0t0 UDP 10.0.1.9:ntp
ntpd 41 root 29u IPv4 0xec6869035982b567 0t0 UDP 10.211.55.2:ntp
ntpd 41 root 30u IPv4 0xec6869035982b227 0t0 UDP 10.37.129.2:ntp
netbiosd 57 _netbios 3u IPv4 0xec6869035982c407 0t0 UDP *:netbios-dgm
netbiosd 57 _netbios 4u IPv4 0xec6869035982c5a7 0t0 UDP *:netbios-ns
mtmfs 58 root 4u IPv4 0xec6869035d364447 0t0 TCP localhost:49152 (LISTEN)
mtmfs 58 root 6u IPv4 0xec6869035d363cf7 0t0 TCP localhost:49153 (LISTEN)
mtmfs 58 root 7u IPv4 0xec6869035ec85447 0t0 TCP localhost:49153->localhost:1023 (ESTABLISHED)
mDNSRespo 61 _mdnsresponder 8u IPv4 0xec6869035982ba47 0t0 UDP *:mdns
mDNSRespo 61 _mdnsresponder 9u IPv6 0xec6869035982b8a7 0t0 UDP *:mdns
mDNSRespo 61 _mdnsresponder 29u IPv4 0xec6869035bc9fa47 0t0 UDP *:62618
mDNSRespo 61 _mdnsresponder 30u IPv6 0xec686903696cc707 0t0 UDP *:62618
mDNSRespo 61 _mdnsresponder 35u IPv4 0xec6869035bcc80c7 0t0 UDP *:65433
mDNSRespo 61 _mdnsresponder 36u IPv6 0xec6869035bc9cb27 0t0 UDP *:65433
mDNSRespo 61 _mdnsresponder 37u IPv4 0xec6869035bcc54e7 0t0 UDP *:60331
mDNSRespo 61 _mdnsresponder 38u IPv6 0xec6869035bc9f567 0t0 UDP *:60331
mDNSRespo 61 _mdnsresponder 39u IPv4 0xec68690359828e67 0t0 UDP *:59756
mDNSRespo 61 _mdnsresponder 40u IPv6 0xec686903696cc3c7 0t0 UDP *:59756
mDNSRespo 61 _mdnsresponder 41u IPv4 0xec6869035bcc8407 0t0 UDP *:64374
mDNSRespo 61 _mdnsresponder 42u IPv6 0xec6869035bcc7f27 0t0 UDP *:64374
mDNSRespo 61 _mdnsresponder 44u IPv4 0xec68690369ab7be7 0t0 UDP *:49663
mDNSRespo 61 _mdnsresponder 45u IPv6 0xec68690359828cc7 0t0 UDP *:49663
mDNSRespo 61 _mdnsresponder 46u IPv4 0xec6869035bc9ce67 0t0 UDP *:63266
mDNSRespo 61 _mdnsresponder 47u IPv6 0xec686903696c9b27 0t0 UDP *:63266
mDNSRespo 61 _mdnsresponder 48u IPv4 0xec686903598299c7 0t0 UDP *:59968
mDNSRespo 61 _mdnsresponder 49u IPv6 0xec686903696ccf27 0t0 UDP *:59968
mDNSRespo 61 _mdnsresponder 50u IPv4 0xec6869035bca0407 0t0 UDP *:55698
mDNSRespo 61 _mdnsresponder 51u IPv6 0xec686903696cca47 0t0 UDP *:55698
mDNSRespo 61 _mdnsresponder 52u IPv4 0xec6869035bc9ccc7 0t0 UDP *:64789
mDNSRespo 61 _mdnsresponder 53u IPv6 0xec6869035bcc6a07 0t0 UDP *:64789
mDNSRespo 61 _mdnsresponder 54u IPv4 0xec68690366799407 0t0 UDP *:56038
mDNSRespo 61 _mdnsresponder 55u IPv6 0xec6869035bcc66c7 0t0 UDP *:56038
mDNSRespo 61 _mdnsresponder 56u IPv4 0xec68690359829347 0t0 UDP *:56423
mDNSRespo 61 _mdnsresponder 57u IPv6 0xec6869035bcc4987 0t0 UDP *:56423
mDNSRespo 61 _mdnsresponder 58u IPv4 0xec686903667990c7 0t0 UDP *:54460
mDNSRespo 61 _mdnsresponder 59u IPv6 0xec6869035bc9f8a7 0t0 UDP *:54460
mDNSRespo 61 _mdnsresponder 60u IPv4 0xec6869035bc9ed47 0t0 UDP *:56331
mDNSRespo 61 _mdnsresponder 62u IPv6 0xec68690369ab78a7 0t0 UDP *:56331
mDNSRespo 61 _mdnsresponder 63u IPv4 0xec6869035bc9f707 0t0 UDP *:53107
mDNSRespo 61 _mdnsresponder 64u IPv6 0xec6869035bc9fbe7 0t0 UDP *:53107
mDNSRespo 61 _mdnsresponder 65u IPv4 0xec6869035982aa07 0t0 UDP *:60754
mDNSRespo 61 _mdnsresponder 66u IPv6 0xec6869035d12b387 0t0 UDP *:60754
mDNSRespo 61 _mdnsresponder 67u IPv4 0xec6869035d12ab67 0t0 UDP *:49958
mDNSRespo 61 _mdnsresponder 68u IPv6 0xec686903696c97e7 0t0 UDP *:49958
mDNSRespo 61 _mdnsresponder 69u IPv4 0xec68690369ab7a47 0t0 UDP *:64574
mDNSRespo 61 _mdnsresponder 70u IPv6 0xec6869035d12aea7 0t0 UDP *:64574
mDNSRespo 61 _mdnsresponder 74u IPv4 0xec6869035bcc59c7 0t0 UDP *:61797
mDNSRespo 61 _mdnsresponder 75u IPv6 0xec68690359829007 0t0 UDP *:61797
mDNSRespo 61 _mdnsresponder 78u IPv4 0xec6869035bcc6387 0t0 UDP *:58676
mDNSRespo 61 _mdnsresponder 79u IPv4 0xec6869035982a527 0t0 UDP *:64522
mDNSRespo 61 _mdnsresponder 80u IPv6 0xec6869035bcc5b67 0t0 UDP *:64522
mDNSRespo 61 _mdnsresponder 82u IPv4 0xec6869035bcc6527 0t0 UDP *:56062
mDNSRespo 61 _mdnsresponder 83u IPv6 0xec6869035bc9dd07 0t0 UDP *:56062
mDNSRespo 61 _mdnsresponder 84u IPv6 0xec68690369ab80c7 0t0 UDP *:58676
mDNSRespo 61 _mdnsresponder 85u IPv4 0xec6869035d12b527 0t0 UDP *:59946
mDNSRespo 61 _mdnsresponder 86u IPv4 0xec6869035982b3c7 0t0 UDP *:58145
mDNSRespo 61 _mdnsresponder 97u IPv6 0xec686903598291a7 0t0 UDP *:58145
mDNSRespo 61 _mdnsresponder 99u IPv4 0xec68690366798a47 0t0 UDP *:52989
mDNSRespo 61 _mdnsresponder 100u IPv6 0xec6869035bc9d1a7 0t0 UDP *:52989
mDNSRespo 61 _mdnsresponder 101u IPv6 0xec686903696cbd47 0t0 UDP *:59946
mDNSRespo 61 _mdnsresponder 102u IPv4 0xec6869035bc9e047 0t0 UDP *:58015
mDNSRespo 61 _mdnsresponder 103u IPv6 0xec6869035bcc7707 0t0 UDP *:58015
xrdd 81 root 4u IPv4 0xec6869035b1b9cf7 0t0 TCP *:apc-5454 (LISTEN)
xrdd 81 root 11u IPv4 0xec6869035d48e447 0t0 TCP localhost:49154->localhost:apc-5454 (ESTABLISHED)
xrdd 81 root 12u IPv4 0xec6869035d48dcf7 0t0 TCP localhost:apc-5454->localhost:49154 (ESTABLISHED)
UserEvent 330 username2 5u IPv4 0xec6869035bcc6ba7 0t0 UDP *:*
apsd 360 root 10u IPv4 0xec68690359e3e447 0t0 TCP 10.0.1.9:52111->17.110.228.79:5223 (ESTABLISHED)
SystemUIS 362 username2 6u IPv4 0xec6869035bc9dea7 0t0 UDP *:*
NetworkBr 375 username2 5u IPv4 0xec6869035982a6c7 0t0 UDP *:*
2BUA8C4S2 399 username2 16u IPv4 0xec686903623f3cf7 0t0 TCP localhost:10191 (LISTEN)
2BUA8C4S2 399 username2 17u IPv6 0xec686903623f5527 0t0 TCP localhost:10191 (LISTEN)
2BUA8C4S2 399 username2 18u IPv4 0xec68690359a0ecf7 0t0 TCP localhost:6263 (LISTEN)
2BUA8C4S2 399 username2 19u IPv6 0xec686903623f5147 0t0 TCP localhost:6263 (LISTEN)
1Password 419 username2 5u IPv4 0xec68690365b9fcf7 0t0 TCP localhost:6258 (LISTEN)
1Password 419 username2 6u IPv6 0xec6869035b1b8147 0t0 TCP localhost:6258 (LISTEN)
Dropbox 431 username2 15u IPv4 0xec68690363af1cf7 0t0 TCP 192.168.2.101:49207->client.v.dropbox.com:https (CLOSE_WAIT)
Dropbox 431 username2 29u IPv4 0xec6869035bcc5347 0t0 UDP *:17500
Dropbox 431 username2 34u IPv4 0xec68690365bb3447 0t0 TCP 192.168.2.101:49215->server-54-192-47-49.fra6.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 35u IPv4 0xec68690365bb2cf7 0t0 TCP 192.168.2.101:49216->server-54-192-47-49.fra6.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 39u IPv4 0xec68690365c2e447 0t0 TCP localhost:26165 (LISTEN)
Dropbox 431 username2 40u IPv4 0xec68690361e8e447 0t0 TCP 10.0.1.9:52091->snt-re4-6a.sjc.dropbox.com:https (ESTABLISHED)
Dropbox 431 username2 45u IPv4 0xec6869036131ccf7 0t0 TCP 192.168.2.101:49226->d.v.dropbox.com:https (CLOSE_WAIT)
Dropbox 431 username2 47u IPv4 0xec6869036f049cf7 0t0 TCP 10.0.1.9:51198->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 48u IPv4 0xec68690361e8dcf7 0t0 TCP localhost:17600 (LISTEN)
Dropbox 431 username2 49u IPv4 0xec68690365b43447 0t0 TCP *:17500 (LISTEN)
Dropbox 431 username2 52u IPv4 0xec68690365de9cf7 0t0 TCP localhost:17603 (LISTEN)
Dropbox 431 username2 53u IPv4 0xec68690366b47cf7 0t0 TCP 10.0.1.9:51199->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 54u IPv4 0xec68690365c2dcf7 0t0 TCP 192.168.2.101:49272->ec2-54-83-196-114.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox 431 username2 55u IPv4 0xec686903599efcf7 0t0 TCP 10.0.1.9:51305->ec2-54-164-136-234.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox 431 username2 56u IPv4 0xec68690365dfecf7 0t0 TCP 10.0.1.9:51208->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 57u IPv4 0xec68690369cc1cf7 0t0 TCP 192.168.2.101:49367->108.160.173.130:https (CLOSE_WAIT)
Dropbox 431 username2 58u IPv4 0xec68690365dff447 0t0 TCP 10.0.1.9:51212->d.v.dropbox.com:https (CLOSED)
Dropbox 431 username2 59u IPv4 0xec68690362436447 0t0 TCP 10.0.1.9:51215->ec2-52-4-211-236.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox 431 username2 60u IPv4 0xec68690367500447 0t0 TCP 10.0.1.9:51217->45.58.74.33:https (CLOSE_WAIT)
Dropbox 431 username2 61u IPv4 0xec6869036d710cf7 0t0 TCP 10.0.1.9:51491->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 62u IPv4 0xec686903596afcf7 0t0 TCP 10.0.1.9:51497->45.58.74.33:https (CLOSE_WAIT)
Dropbox 431 username2 63u IPv4 0xec686903606e4447 0t0 TCP 192.168.2.101:49714->server-54-192-47-212.fra6.r.cloudfront.net:https (ESTABLISHED)
Dropbox 431 username2 64u IPv4 0xec6869035acf8447 0t0 TCP 10.0.1.9:51553->45.58.74.161:https (CLOSE_WAIT)
Dropbox 431 username2 65u IPv4 0xec68690365b24cf7 0t0 TCP 10.0.1.9:51529->ec2-54-85-186-98.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox 431 username2 66u IPv4 0xec686903674ffcf7 0t0 TCP 10.0.1.9:51552->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 67u IPv4 0xec686903599f0447 0t0 TCP 10.0.1.9:51554->45.58.74.161:https (CLOSE_WAIT)
Dropbox 431 username2 68u IPv4 0xec68690359f03447 0t0 TCP 10.0.1.9:51556->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 69u IPv4 0xec686903674afcf7 0t0 TCP 192.168.2.101:58864->server-54-230-203-127.fra50.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 70u IPv4 0xec68690369e86447 0t0 TCP 192.168.2.101:49826->d.v.dropbox.com:https (ESTABLISHED)
Dropbox 431 username2 71u IPv4 0xec68690361d62447 0t0 TCP 10.0.1.9:54419->d.v.dropbox.com:https (CLOSED)
Dropbox 431 username2 72u IPv4 0xec6869036f05f447 0t0 TCP 10.0.1.9:51567->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 73u IPv4 0xec68690369da6447 0t0 TCP 10.0.1.9:51343->d.v.dropbox.com:https (CLOSED)
Dropbox 431 username2 74u IPv4 0xec68690369db6cf7 0t0 TCP 10.0.1.9:52517->45.58.74.129:https (CLOSE_WAIT)
Dropbox 431 username2 75u IPv4 0xec6869036131d447 0t0 TCP 10.0.1.9:51370->ec2-75-101-142-7.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox 431 username2 76u IPv4 0xec6869035c898cf7 0t0 TCP 10.0.1.9:51396->server-54-230-203-127.fra50.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 77u IPv4 0xec68690369cc2447 0t0 TCP 192.168.2.101:62075->d.v.dropbox.com:https (CLOSE_WAIT)
Dropbox 431 username2 78u IPv4 0xec68690365dea447 0t0 TCP 192.168.2.101:59173->ec2-107-20-249-104.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox 431 username2 79u IPv4 0xec68690363a6bcf7 0t0 TCP 10.0.1.9:54705->ec2-107-20-249-104.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox 431 username2 80u IPv4 0xec68690362435cf7 0t0 TCP 10.0.1.9:54752->server-54-230-203-127.fra50.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 81u IPv4 0xec68690361d8c447 0t0 TCP 192.168.2.101:59217->d.v.dropbox.com:https (CLOSE_WAIT)
Dropbox 431 username2 82u IPv4 0xec6869036d717cf7 0t0 TCP 192.168.2.101:61227->server-54-230-203-127.fra50.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 83u IPv4 0xec6869036f040cf7 0t0 TCP 10.0.1.9:51581->45.58.74.161:https (CLOSE_WAIT)
Dropbox 431 username2 84u IPv4 0xec68690369db7447 0t0 TCP 192.168.2.101:55675->d.v.dropbox.com:https (CLOSE_WAIT)
Dropbox 431 username2 85u IPv4 0xec68690361d16447 0t0 TCP 192.168.2.101:55715->ec2-107-20-173-188.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox 431 username2 86u IPv4 0xec6869035c77ecf7 0t0 TCP 192.168.2.101:55734->server-54-192-47-212.fra6.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 87u IPv4 0xec6869036ec40cf7 0t0 TCP 10.0.1.9:50929->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 88u IPv4 0xec68690363af2447 0t0 TCP 10.0.1.9:49627->d.v.dropbox.com:https (CLOSED)
Dropbox 431 username2 89u IPv4 0xec6869035f139447 0t0 TCP 192.168.2.101:62270->ec2-75-101-155-223.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox 431 username2 90u IPv4 0xec68690363a6c447 0t0 TCP 10.0.1.9:51572->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 91u IPv4 0xec6869035a1cdcf7 0t0 TCP 10.0.1.9:51612->ec2-52-2-162-113.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox 431 username2 92u IPv4 0xec686903674b0447 0t0 TCP 10.0.1.9:50947->ec2-52-3-177-7.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox 431 username2 93u IPv4 0xec68690367e95447 0t0 TCP 10.0.1.9:51662->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 94u IPv4 0xec6869035a1dfcf7 0t0 TCP 10.0.1.9:51663->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 95u IPv4 0xec68690369da5cf7 0t0 TCP 10.0.1.9:51684->ec2-52-21-179-203.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox 431 username2 96u IPv4 0xec6869035b55fcf7 0t0 TCP 10.0.1.9:52019->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 97u IPv4 0xec68690359e77447 0t0 TCP 10.0.1.9:52145->ec2-107-23-52-105.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox 431 username2 98u IPv4 0xec686903623f6447 0t0 TCP 10.0.1.9:52164->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox 431 username2 99u IPv4 0xec6869035c5c7447 0t0 TCP 10.0.1.9:52218->ec2-52-4-109-5.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox 431 username2 100u IPv4 0xec68690359a0f447 0t0 TCP 10.0.1.9:52223->d.v.dropbox.com:https (CLOSED)
Copy 433 username2 24u IPv4 0xec68690365b25447 0t0 TCP *:8445 (LISTEN)
Copy 433 username2 25u IPv4 0xec6869035bcc6d47 0t0 UDP *:8445
Copy 433 username2 30u IPv4 0xec6869035f633447 0t0 TCP 10.0.1.9:52383->barracuda.com:https (ESTABLISHED)
blued 3189 root 4u IPv4 0xec6869035982bd87 0t0 UDP *:*
thunderbi 6093 username2 17u IPv4 0xec6869035acf7cf7 0t0 TCP localhost:6000 (LISTEN)
thunderbi 6093 username2 22u IPv4 0xec6869036f05ecf7 0t0 TCP 10.0.1.9:52121->134.119.18.26:imaps (ESTABLISHED)
thunderbi 6093 username2 28u IPv4 0xec6869036d711447 0t0 TCP 10.0.1.9:52124->134.119.18.26:imaps (ESTABLISHED)
thunderbi 6093 username2 30u IPv4 0xec6869035fa09cf7 0t0 TCP 10.0.1.9:52131->wk-in-f16.1e100.net:imaps (ESTABLISHED)
thunderbi 6093 username2 33u IPv4 0xec68690361d15cf7 0t0 TCP 10.0.1.9:52221->imap.gmx.net:imaps (ESTABLISHED)
thunderbi 6093 username2 40u IPv4 0xec6869036e6e3447 0t0 TCP 10.0.1.9:52157->dd2209876.kasserver.com:imaps (ESTABLISHED)
thunderbi 6093 username2 41u IPv4 0xec68690359e42447 0t0 TCP 10.0.1.9:52153->134.119.18.26:imaps (ESTABLISHED)
thunderbi 6093 username2 45u IPv4 0xec6869036f04a447 0t0 TCP 10.0.1.9:52129->134.119.18.26:imaps (ESTABLISHED)
thunderbi 6093 username2 49u IPv4 0xec6869035ec84cf7 0t0 TCP 10.0.1.9:52130->imap.web.de:imaps (ESTABLISHED)
thunderbi 6093 username2 51u IPv4 0xec68690359e3dcf7 0t0 TCP 10.0.1.9:52158->wl-in-f16.1e100.net:imaps (ESTABLISHED)
thunderbi 6093 username2 53u IPv4 0xec6869035c5c6cf7 0t0 TCP 10.0.1.9:52135->dd2209876.kasserver.com:imaps (ESTABLISHED)
thunderbi 6093 username2 56u IPv4 0xec6869036f025447 0t0 TCP 10.0.1.9:52132->imap.gmx.net:imaps (ESTABLISHED)
thunderbi 6093 username2 60u IPv4 0xec6869036f018447 0t0 TCP 10.0.1.9:52133->imap5a.mail.vip.ir2.yahoo.com:imaps (CLOSE_WAIT)
thunderbi 6093 username2 61u IPv4 0xec686903606e3cf7 0t0 TCP 10.0.1.9:52159->wl-in-f16.1e100.net:imaps (ESTABLISHED)
thunderbi 6093 username2 63u IPv4 0xec6869036e6e2cf7 0t0 TCP 10.0.1.9:52134->email03.t-online.de:imaps (ESTABLISHED)
thunderbi 6093 username2 70u IPv4 0xec68690369e85cf7 0t0 TCP 10.0.1.9:52150->134.119.18.26:imaps (ESTABLISHED)
thunderbi 6093 username2 71u IPv4 0xec6869036d718447 0t0 TCP 10.0.1.9:52136->dd2209876.kasserver.com:imap (ESTABLISHED)
thunderbi 6093 username2 72u IPv4 0xec6869036f041447 0t0 TCP 10.0.1.9:52146->imap.gmx.net:imaps (ESTABLISHED)
thunderbi 6093 username2 75u IPv4 0xec686903623f5cf7 0t0 TCP 10.0.1.9:52142->imap.gmx.net:imaps (ESTABLISHED)
thunderbi 6093 username2 76u IPv4 0xec68690359f02cf7 0t0 TCP 10.0.1.9:52154->dd2209876.kasserver.com:imap (ESTABLISHED)
thunderbi 6093 username2 77u IPv4 0xec68690361d61cf7 0t0 TCP 10.0.1.9:52151->134.119.18.26:imaps (ESTABLISHED)
thunderbi 6093 username2 90u IPv4 0xec686903613d3447 0t0 TCP 10.0.1.9:52160->wl-in-f16.1e100.net:imaps (ESTABLISHED)
thunderbi 6093 username2 102u IPv4 0xec68690359e39cf7 0t0 TCP 10.0.1.9:52152->imap.web.de:imaps (CLOSE_WAIT)
thunderbi 6093 username2 105u IPv4 0xec686903596b0447 0t0 TCP 10.0.1.9:52161->wl-in-f16.1e100.net:imaps (ESTABLISHED)
thunderbi 6093 username2 107u IPv4 0xec6869035c899447 0t0 TCP 10.0.1.9:52162->email00.t-online.de:imaps (ESTABLISHED)
thunderbi 6093 username2 109u IPv4 0xec6869036f017cf7 0t0 TCP 10.0.1.9:52163->imap11.mail.vip.ir2.yahoo.com:imaps (CLOSE_WAIT)
thunderbi 6093 username2 110u IPv4 0xec68690361f7f447 0t0 TCP 10.0.1.9:52219->134.119.18.26:imaps (ESTABLISHED)
firefox 11403 username2 47u IPv4 0xec686903623f4447 0t0 TCP 10.0.1.9:49493->fra02s27-in-f1.1e100.net:http (CLOSED)
firefox 11403 username2 49u IPv4 0xec68690367e94cf7 0t0 TCP 10.0.1.9:49476->fra02s27-in-f14.1e100.net:http (CLOSED)
firefox 11403 username2 51u IPv4 0xec68690361790cf7 0t0 TCP 10.0.1.9:49394->muc03s13-in-f10.1e100.net:https (CLOSE_WAIT)
firefox 11403 username2 52u IPv4 0xec6869035c598447 0t0 TCP 10.0.1.9:49404->74.125.162.244:https (CLOSED)
firefox 11403 username2 62u IPv4 0xec6869035e942447 0t0 TCP 10.0.1.9:52410->ber01s09-in-f3.1e100.net:https (ESTABLISHED)
firefox 11403 username2 66u IPv4 0xec68690359e41cf7 0t0 TCP 10.0.1.9:49346->fra02s17-in-f14.1e100.net:https (CLOSE_WAIT)
firefox 11403 username2 67u IPv4 0xec6869035a1e0447 0t0 TCP 10.0.1.9:49399->fra02s18-in-f9.1e100.net:https (CLOSE_WAIT)
firefox 11403 username2 75u IPv4 0xec68690367554cf7 0t0 TCP 10.0.1.9:49494->fra02s27-in-f17.1e100.net:https (CLOSE_WAIT)
firefox 11403 username2 89u IPv4 0xec68690359721447 0t0 TCP 10.0.1.9:52411->fra07s28-in-f14.1e100.net:https (ESTABLISHED)
locationd 12011 _locationd 4u IPv4 0xec6869035d12b047 0t0 UDP *:*
UserEvent 12018 root 4u IPv4 0xec686903696cd267 0t0 UDP *:*
SystemUIS 12031 root 7u IPv4 0xec6869035982a387 0t0 UDP *:*
NetworkBr 12081 root 5u IPv4 0xec6869035bc9d4e7 0t0 UDP *:*
master 13609 root 13u IPv4 0xec68690365b42cf7 0t0 TCP localhost:smtp (LISTEN)
master 13609 root 14u IPv6 0xec6869035f31ad67 0t0 TCP localhost:smtp (LISTEN)
master 13609 root 26u IPv4 0xec6869035e0d8cf7 0t0 TCP localhost:submission (LISTEN)
master 13609 root 27u IPv6 0xec6869035f31b527 0t0 TCP localhost:submission (LISTEN)

Entering sudo tcpdump -i en1 -v (sudo tcpdump -i en0 did not work, since my computer is currently not connected via Ethernet.)
Output:
Code:
tcpdump: listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes
21:13:53.052723 IP (tos 0x0, ttl 255, id 49382, offset 0, flags [none], proto UDP (17), length 71)
    10.0.1.9.64522 > 10.0.1.1.domain: 48526+ A? e3191.dscc.akamaiedge.net. (43)
21:13:53.052929 IP (tos 0x0, ttl 255, id 18333, offset 0, flags [none], proto UDP (17), length 64)
    10.0.1.9.52989 > 10.0.1.1.domain: 4423+ A? www.wip4.adobe.com. (36)
21:13:53.055951 IP (tos 0x0, ttl 54, id 8505, offset 0, flags [none], proto TCP (6), length 52)
    imap.gmx.net.imaps > 10.0.1.9.52221: Flags [.], cksum 0x7c52 (correct), ack 2323796273, win 61, options [nop,nop,TS val 1477583104 ecr 894829964], length 0
21:13:53.056029 IP (tos 0x0, ttl 64, id 64495, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52221 > imap.gmx.net.imaps: Flags [.], cksum 0x7f47 (correct), ack 1, win 8192, options [nop,nop,TS val 895009479 ecr 1477132560], length 0
21:13:53.070448 IP (tos 0x0, ttl 64, id 4603, offset 0, flags [none], proto UDP (17), length 87)
    10.0.1.1.domain > 10.0.1.9.64522: 48526 1/0/0 e3191.dscc.akamaiedge.net. A 104.84.226.99 (59)
21:13:53.075018 IP (tos 0x0, ttl 64, id 4604, offset 0, flags [none], proto UDP (17), length 80)
    10.0.1.1.domain > 10.0.1.9.52989: 4423 1/0/0 www.wip4.adobe.com. A 193.104.215.61 (52)
21:13:53.497392 IP (tos 0x0, ttl 55, id 13910, offset 0, flags [none], proto TCP (6), length 52)
    imap.gmx.net.imaps > 10.0.1.9.52146: Flags [.], cksum 0x5901 (correct), ack 2547054969, win 73, options [nop,nop,TS val 1474983680 ecr 894829963], length 0
21:13:53.497517 IP (tos 0x0, ttl 64, id 47600, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52146 > imap.gmx.net.imaps: Flags [.], cksum 0x5af8 (correct), ack 1, win 8192, options [nop,nop,TS val 895009920 ecr 1474532960], length 0
21:13:53.508258 IP (tos 0x0, ttl 255, id 34733, offset 0, flags [none], proto UDP (17), length 67)
    10.0.1.9.56288 > 10.0.1.1.domain: 64446+ PTR? 9.1.0.10.in-addr.arpa. (39)
21:13:53.510691 IP (tos 0x0, ttl 64, id 4607, offset 0, flags [none], proto UDP (17), length 67)
    10.0.1.1.domain > 10.0.1.9.56288: 64446 NXDomain* 0/0/0 (39)
21:13:53.511903 IP (tos 0x0, ttl 255, id 20966, offset 0, flags [none], proto UDP (17), length 67)
    10.0.1.9.61967 > 10.0.1.1.domain: 211+ PTR? 1.1.0.10.in-addr.arpa. (39)
21:13:53.514199 IP (tos 0x0, ttl 64, id 4610, offset 0, flags [none], proto UDP (17), length 67)
    10.0.1.1.domain > 10.0.1.9.61967: 211 NXDomain* 0/0/0 (39)
21:13:55.648078 IP (tos 0x0, ttl 44, id 10426, offset 0, flags [none], proto TCP (6), length 52)
    wk-in-f16.1e100.net.imaps > 10.0.1.9.52131: Flags [F.], cksum 0xbf69 (correct), seq 1655612367, ack 3435925088, win 341, options [nop,nop,TS val 554148140 ecr 892594640], length 0
21:13:55.648217 IP (tos 0x0, ttl 64, id 61627, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52131 > wk-in-f16.1e100.net.imaps: Flags [.], cksum 0xbd84 (correct), ack 1, win 8192, options [nop,nop,TS val 895012069 ecr 554148140], length 0
21:13:57.653990 IP (tos 0x0, ttl 64, id 52152, offset 0, flags [none], proto TCP (6), length 40)
    10.0.1.9.51497 > 45.58.74.33.https: Flags [R.], cksum 0x7eba (correct), seq 1772188646, ack 2879470244, win 8192, length 0
21:13:58.522908 IP (tos 0x0, ttl 255, id 11995, offset 0, flags [none], proto UDP (17), length 70)
    10.0.1.9.49285 > 10.0.1.1.domain: 10371+ PTR? 33.74.58.45.in-addr.arpa. (42)
21:13:58.526900 IP (tos 0x0, ttl 64, id 4614, offset 0, flags [none], proto UDP (17), length 70)
    10.0.1.1.domain > 10.0.1.9.49285: 10371 NXDomain* 0/0/0 (42)
21:14:00.094671 IP (tos 0x0, ttl 64, id 63902, offset 0, flags [none], proto TCP (6), length 52)
    10.0.1.9.51553 > 45.58.74.161.https: Flags [F.], cksum 0x4e43 (correct), seq 3012792720, ack 5924794, win 8192, options [nop,nop,TS val 895016511 ecr 1006943651], length 0
21:14:00.530116 IP (tos 0x0, ttl 255, id 49039, offset 0, flags [none], proto UDP (17), length 71)
    10.0.1.9.60468 > 10.0.1.1.domain: 19952+ PTR? 161.74.58.45.in-addr.arpa. (43)
21:14:00.534307 IP (tos 0x0, ttl 64, id 4615, offset 0, flags [none], proto UDP (17), length 71)
    10.0.1.1.domain > 10.0.1.9.60468: 19952 NXDomain* 0/0/0 (43)
21:14:01.177270 IP (tos 0x0, ttl 53, id 8244, offset 0, flags [none], proto TCP (6), length 98)
    134.119.18.26.imaps > 10.0.1.9.52151: Flags [P.], cksum 0xfac3 (correct), seq 1354204013:1354204059, ack 550831693, win 122, options [nop,nop,TS val 805226688 ecr 894898053], length 46
21:14:01.177366 IP (tos 0x0, ttl 64, id 54700, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [.], cksum 0xd78b (correct), ack 46, win 8189, options [nop,nop,TS val 895017589 ecr 805226688], length 0
21:14:01.181581 IP (tos 0x0, ttl 64, id 14492, offset 0, flags [DF], proto TCP (6), length 87)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [P.], cksum 0x51c1 (correct), seq 1:36, ack 46, win 8192, options [nop,nop,TS val 895017593 ecr 805226688], length 35
21:14:01.210140 IP (tos 0x0, ttl 53, id 13081, offset 0, flags [none], proto TCP (6), length 104)
    134.119.18.26.imaps > 10.0.1.9.52151: Flags [P.], cksum 0xf5da (correct), seq 46:98, ack 36, win 122, options [nop,nop,TS val 805226752 ecr 895017593], length 52
21:14:01.210236 IP (tos 0x0, ttl 64, id 45782, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [.], cksum 0xd6d5 (correct), ack 98, win 8188, options [nop,nop,TS val 895017621 ecr 805226752], length 0
21:14:01.211284 IP (tos 0x0, ttl 64, id 3221, offset 0, flags [DF], proto TCP (6), length 91)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [P.], cksum 0xd37b (correct), seq 36:75, ack 98, win 8192, options [nop,nop,TS val 895017622 ecr 805226752], length 39
21:14:01.240796 IP (tos 0x0, ttl 53, id 1509, offset 0, flags [none], proto TCP (6), length 105)
    134.119.18.26.imaps > 10.0.1.9.52151: Flags [P.], cksum 0x826a (correct), seq 98:151, ack 75, win 122, options [nop,nop,TS val 805226782 ecr 895017622], length 53
21:14:01.240910 IP (tos 0x0, ttl 64, id 47068, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [.], cksum 0xd63d (correct), ack 151, win 8188, options [nop,nop,TS val 895017651 ecr 805226782], length 0
21:14:01.241506 IP (tos 0x0, ttl 64, id 34189, offset 0, flags [DF], proto TCP (6), length 123)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [P.], cksum 0x16a8 (correct), seq 75:146, ack 151, win 8192, options [nop,nop,TS val 895017651 ecr 805226782], length 71
21:14:01.279413 IP (tos 0x0, ttl 53, id 14536, offset 0, flags [none], proto TCP (6), length 199)
    134.119.18.26.imaps > 10.0.1.9.52151: Flags [P.], cksum 0xc894 (correct), seq 151:298, ack 146, win 122, options [nop,nop,TS val 805226821 ecr 895017651], length 147
21:14:01.279530 IP (tos 0x0, ttl 64, id 5076, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [.], cksum 0xd51c (correct), ack 298, win 8182, options [nop,nop,TS val 895017689 ecr 805226821], length 0
21:14:01.280249 IP (tos 0x0, ttl 64, id 38067, offset 0, flags [DF], proto TCP (6), length 107)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [P.], cksum 0x4741 (correct), seq 146:201, ack 298, win 8192, options [nop,nop,TS val 895017689 ecr 805226821], length 55
21:14:01.318915 IP (tos 0x0, ttl 53, id 8385, offset 0, flags [none], proto TCP (6), length 148)
    134.119.18.26.imaps > 10.0.1.9.52151: Flags [P.], cksum 0x9930 (correct), seq 298:394, ack 201, win 122, options [nop,nop,TS val 805226861 ecr 895017689], length 96
21:14:01.319014 IP (tos 0x0, ttl 64, id 709, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [.], cksum 0xd433 (correct), ack 394, win 8186, options [nop,nop,TS val 895017727 ecr 805226861], length 0
21:14:01.324871 IP (tos 0x0, ttl 64, id 34456, offset 0, flags [DF], proto TCP (6), length 90)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [P.], cksum 0x819d (correct), seq 201:239, ack 394, win 8192, options
[nop,nop,TS val 895017732 ecr 805226861], length 38 21:14:01.351365 IP (tos 0x0, ttl 53, id 14250, offset 0, flags [none], proto TCP (6), length 91) 134.119.18.26.imaps > 10.0.1.9.52151: Flags [P.], cksum 0xd662 (correct), seq 394:433, ack 239, win 122, options [nop,nop,TS val 805226893 ecr 895017732], length 39 21:14:01.351458 IP (tos 0x0, ttl 64, id 29387, offset 0, flags [DF], proto TCP (6), length 52) 10.0.1.9.52151 > 134.119.18.26.imaps: Flags [.], cksum 0xd3a4 (correct), ack 433, win 8189, options [nop,nop,TS val 895017758 ecr 805226893], length 0 21:14:01.541187 IP (tos 0x0, ttl 255, id 19414, offset 0, flags [none], proto UDP (17), length 72) 10.0.1.9.59933 > 10.0.1.1.domain: 875+ PTR? 26.18.119.134.in-addr.arpa. (44) 21:14:01.544139 IP (tos 0x0, ttl 64, id 4616, offset 0, flags [none], proto UDP (17), length 72) 10.0.1.1.domain > 10.0.1.9.59933: 875 NXDomain* 0/0/0 (44) 21:14:02.098994 IP (tos 0x0, ttl 53, id 32524, offset 0, flags [none], proto TCP (6), length 98) 134.119.18.26.imaps > 10.0.1.9.52150: Flags [P.], cksum 0x48ad (correct), seq 3254153786:3254153832, ack 1293335775, win 122, options [nop,nop,TS val 805227404 ecr 894898762], length 46 21:14:02.099115 IP (tos 0x0, ttl 64, id 25498, offset 0, flags [DF], proto TCP (6), length 52) 10.0.1.9.52150 > 134.119.18.26.imaps: Flags [.], cksum 0x8e50 (correct), ack 46, win 8189, options [nop,nop,TS val 895018501 ecr 805227404], length 0 Da ist mir leider nicht genau klar, was ich wo wie tun soll. Vielleicht kannst Du mir das nochmal genauer erklären? Ich habe das Programm zwar hier, aber wie kann ich damit URL-Aufrufe überprüfen? Danke |
02.11.2015, 22:53 | #6 |
/// Mac Expert | Mac infected according to Telekom Abuse Team: How to detect & remove APT and xcodeghost? The first log shows all current connections, including the applications. The second one (tcpdump) is more or less the live mode: all active connections are displayed immediately. You don't have to check any URLs etc. Using the IPs and URLs I wrote above, you only need to look in Little Snitch to see whether you find identical addresses there. But since your logs show no indications at all, you probably won't find anything there either. My guess is (as in most such cases) that the Telekom servers were hacked. That is a big problem, since so far neither Telekom nor the end user has been able to get this problem under control. Step 2
Step 3 Cross-check with Malwarebytes
__________________ --> Mac infected according to Telekom Abuse Team: How to detect & remove APT and xcodeghost? |
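The comparison described in the reply above, matching a capture against a list of known addresses, can be scripted. The following is an added example, not part of the thread or of any tool named in it; the watchlist entries and the sample capture are constructed placeholders (192.0.2.0/24 and .invalid are reserved for documentation), and the parser assumes tcpdump's verbose text output, whether one record per line or run together as in the pasted log.

```python
import re

REC = re.compile(r"(?=\b\d{2}:\d{2}:\d{2}\.\d{6} IP )")  # start of each packet record
FLOW = re.compile(r"\)\s+(\S+) > (\S+): ")               # "src.port > dst.port: "
QUERY = re.compile(r" \d+\+ (?:A|AAAA)\? (\S+) ")        # name in a DNS question

# Constructed sample, run together on one line like a pasted log (not real traffic).
SAMPLE = (
    "tcpdump: listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes "
    "21:00:00.000001 IP (tos 0x0, ttl 255, id 1, offset 0, flags [none], proto UDP (17), length 71) "
    "10.0.1.9.50001 > 10.0.1.1.domain: 1111+ A? cdn.example.org. (33) "
    "21:00:00.000002 IP (tos 0x0, ttl 255, id 2, offset 0, flags [none], proto UDP (17), length 75) "
    "10.0.1.9.50002 > 10.0.1.1.domain: 2222+ A? init.c2.example.invalid. (41) "
    "21:00:01.000003 IP (tos 0x0, ttl 64, id 3, offset 0, flags [DF], proto TCP (6), length 52) "
    "10.0.1.9.50003 > 192.0.2.33.https: Flags [S], cksum 0x0000 (correct), seq 1, win 8192, length 0 "
    "21:00:02.000004 IP (tos 0x0, ttl 54, id 4, offset 0, flags [none], proto TCP (6), length 52) "
    "imap.example.org.imaps > 10.0.1.9.50004: Flags [.], cksum 0x0000 (correct), ack 1, win 61, length 0"
)

def host_of(endpoint):
    """Drop the trailing .port/.service: '192.0.2.33.https' -> '192.0.2.33'."""
    return endpoint.rpartition(".")[0]

def domain_listed(name, watch_domains):
    """True for a watched domain or any subdomain of it (label-boundary match)."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in watch_domains)

def scan(capture, watch_ips, watch_domains):
    """Return (timestamp, kind, value) for every record touching the watchlist."""
    hits = []
    for rec in REC.split(capture):
        flow = FLOW.search(rec)
        if not flow:
            continue  # capture banner or a record this parser does not understand
        ts = rec.split(" ", 1)[0]
        for host in map(host_of, flow.groups()):
            if host in watch_ips:
                hits.append((ts, "ip", host))
            elif domain_listed(host, watch_domains):
                hits.append((ts, "name", host))  # tcpdump printed a resolved name
        query = QUERY.search(rec)
        if query and domain_listed(query.group(1), watch_domains):
            hits.append((ts, "dns", query.group(1).rstrip(".")))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE, {"192.0.2.33"}, {"c2.example.invalid"}):
        print(*hit)
```

Capturing with tcpdump's `-n` option keeps addresses numeric, so an IP on the watchlist is not hidden behind a reverse-resolved name such as `imap.gmx.net`.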
03.11.2015, 21:32 | #7 |
| Mac infected according to Telekom Abuse Team: How to detect & remove APT and xcodeghost? Hello Dante, I went through all the steps. MalwareBytes found nothing. The "Take Snapshot" function, however, had no effect. After clicking it, nothing happened (on the surface) ... Good sign? Or an error? I installed the latest version for my system. Thanks so far in any case. |
03.11.2015, 21:44 | #8 |
/// Mac Expert | Mac infected according to Telekom Abuse Team: How to detect & remove APT and xcodeghost? Normally it takes a while and then a window with the log appears. Please try it again. Remember: not the "Scanner" button, but up in the menu bar under "Scanner -> Take System Snapshot".
__________________ ----------------- -Regards, dante12 ----------------- Praise, criticism, requests? Donate to trojaner-board? |
08.11.2015, 10:44 | #9 |
| No snapshot for you today Hello Dante, unfortunately I have no snapshot ... Twice I left the Mac running for about 1h without anything visibly happening or a snapshot appearing. Is it perhaps simply saved somewhere without any visible feedback? Thanks for your help D-O-M |
08.11.2015, 12:33 | #10 |
/// Mac Expert | Mac infected according to Telekom Abuse Team: How to detect & remove APT and xcodeghost? Please explain exactly what you did, step by step. Did Malwarebytes find anything during the scan?
__________________ ----------------- -Regards, dante12 ----------------- Praise, criticism, requests? Donate to trojaner-board? |
08.11.2015, 13:03 | #11 |
| Malwarebytes found nothing What I did: - Switched to the admin account on my machine (I use two accounts) - Downloaded Malwarebytes and installed it as admin - Launched the program; MW first updated its signatures - Clicked SCAN in the control window (not in the menu bar) -> Scan runs through and says: nothing found (see screenshot) HTML code: hxxp://imgur.com/vT5RWS1 - Waited … - Waited … - Waited … - … So that is how far I have got. |
08.11.2015, 13:10 | #12 |
/// Mac Expert | Mac infected according to Telekom Abuse Team: How to detect & remove APT and xcodeghost? For the scan you have to use the account you always work with. Then try running the snapshot without using your admin account.
__________________ ----------------- -Regards, dante12 ----------------- Praise, criticism, requests? Donate to trojaner-board? |
08.11.2015, 13:21 | #13 | |
| Mac infected according to Telekom Abuse Team: How to detect & remove APT and xcodeghost? Quote:
2.) For a short time there was a standard email from the Abuse Team circulating in the Telekom area that was forged. 3.) It also depends on which hotline you spoke to on the phone. Mostly the people sitting there are also just inexperienced and simply repeat what they have heard or read. 4.) And if a check of the Mac found nothing, I would see that as confirmation. Please keep reporting... |
08.11.2015, 13:47 | #14 |
| Second scan also without result Hello Dante12, hello weberchen, I forgot to mention that I had also repeated the scan with the "normal" user account - with the same result: neither Scan nor TakeSnapshot showed anything relevant. So at this point I thank you for your tireless efforts and close my request. The Telekom mails seem to have been sent out without any recognizable reason or real threat. The only surprising thing in this context is the interval between the two mails. It almost seems as if Telekom gets "hacked" every now and then … Have a nice Sunday D-O-M |
08.11.2015, 14:14 | #15 |
/// Mac Expert | Mac infected according to Telekom Abuse Team: How to detect & remove APT and xcodeghost? All clear. If there are any more problems, please get in touch. If you want to uninstall MBAM and EtreCheck, see below. It is possible that some of the entries listed there do not exist - but that is OK. Remove EtreCheck
Uninstall MalwareBytes
__________________ ----------------- -Regards, dante12 ----------------- Praise, criticism, requests? Donate to trojaner-board? |