
Everything about Mac OSX & Linux: Mac infected according to Telekom Abuse Team: How to detect and remove APT and xcodeghost?

For all questions about Mac OSX, Linux and other Unix derivatives.

01.11.2015, 11:30   #1
D-O-M
 



Hello dear forum members and experts,

my Mac (yes, that's right, a Mac) appears to be infected with malware.
This is stated in two official information e-mails from the Deutsche Telekom Abuse Team that I received. I checked back, and these are genuine e-mails with notices, so there really does seem to be something at work on my Mac that does not belong there.

Problem: The Telekom technicians could only identify the infection, but could not give any recommendation for fixing it. Only the name of the threat is listed, and this recommendation is given:

+++

1. Please make sure that your computer is free of viruses and
Trojans. Use protection software of your choice for this.

2. Then change all passwords:

- the 'Personal Password' (for dialling in to the Internet)
- the 'Password' (for the e-mail and customer center)
- the 'E-mail password' (for e-mail programs such as Microsoft
Outlook)

for Deutsche Telekom services. You can do this centrally in the
customer center at https://kundencenter.telekom.de. Do not forget
any passwords for online banking, eBay, Amazon, PayPal
and so on, if you use such services.

3. Please also check your computer's settings to see whether the
operating system and the installed software are up to date.

The order is important, because otherwise the new passwords could be
read out again directly by third parties if existing malware
has not been removed beforehand. If you need support with this,
you can reach us Monday to Friday from
08:00 to 18:00 directly on the toll-free number 0800
5544 300. Please have your Abuse ID and access number, which you
will find in the subject line, ready.

...

On our page https://abusefaq.telekom.de/faq.html we have compiled many
helpful tips and links on the topic of "security" for you.

+++

Well, since I work on a Mac, this FAQ is unfortunately only of limited help:
- The recommended EU-Cleaner from botfrei is ruled out, as it seems to be available only for PC: https://www.botfrei.de/telekom/
- The Malwarebytes for MAC software apparently looks more for adware: https://de.malwarebytes.org/antimalware/mac/

However: my Mac shows no loss of performance or abnormal behaviour whatsoever.
So before I go wildly "testing" more software, I would rather ask here in the forum first.

My questions:
What threat do APT and xcodeghost pose?
How do I detect this malware?
How do I remove it, i.e. with which tools?
What else should I do after removal?
How can I prevent a renewed infection?

Thank you for any helpful advice.

Regards
D-O-M

By the way, xcodeghost is already being discussed here:

XcodeGhost: Apple veröffentlicht "Top 25" de? | Forum - heise online

The damage caused by it seems to be rather minor. None of the apps on the list of suspicious apps is on my computer either.

hxxp://www.heise.de/forum/Mac-i/News-Kommentare/XcodeGhost-Apple-veroeffentlicht-Top-25-der-infizierten-Apps/forum-246635/

xcodeghost is already being discussed here.

The damage caused by this malware, however, seems to be very limited.

01.11.2015, 14:44   #2
Dante12
/// Mac Expert
 



Hi,


EtreCheck Log
  1. Please download EtreCheck.
  2. Unpack and run it.
  3. In the start window, remove all check marks and click Start EtreCheck.
  4. When it has finished, the window with the log appears. Click the Share Report button at the top left and then Copy Report to Clipboard.
  5. The log is now in the clipboard. Paste the contents into your thread here with Command-V. Please use CODE tags, see below.


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with COMMAND+A) and copy it to the clipboard with COMMAND+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press COMMAND+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.


01.11.2015, 18:26   #3
D-O-M
 

EtreCheck results



Hello Dante12,

thanks for the quick reply.
Here is the result from EtreCheck:

Code:
EtreCheck version: 2.6.3 (223)
Report generated 01.11.15 18:24
Runtime 1:58
Download EtreCheck from hxxp://etresoft.com/etrecheck

Click the [Click for support] links for help with non-Apple products.
Click the [Click for details] links for more information about that line.

Check Apple signatures: Disabled
Ignore known Apple failures: Disabled
Hide Apple tasks: Disabled

Hardware Information: (What does this mean?)
    MacBook Pro (15-inch, Late 2008) 
    [Click for Technical Specifications]
    [Click for User Guide]
    MacBook Pro - model: MacBookPro5,1
    1 2.4 GHz Intel Core 2 Duo CPU: 2-core
    8 GB RAM 
            BANK 0/DIMM0
            4 GB DDR3 1067 MHz ok
        BANK 0/DIMM1
            4 GB DDR3 1067 MHz ok
    Bluetooth: Old - Handoff/Airdrop2 not supported
    Wireless:  en1: 802.11 a/b/g/n
    Battery: Health = Normal - Cycle count = 114 - SN = W042501KF6G1A

Video Information: (What does this mean?)
    NVIDIA GeForce 9400M - VRAM: 256 MB
        Color LCD 1440 x 900
    NVIDIA GeForce 9600M GT - VRAM: 256 MB

System Software: (What does this mean?)
    OS X Mountain Lion 10.8.5 (12F2560) - Time since boot: about 13 days 

Disk Information: (What does this mean?)
    Samsung SSD 840 PRO Series disk0 : (256,06 GB) (Solid State - TRIM: No)
        disk0s1 (disk0s1) <not mounted> : 210 MB 
        Macintosh_SSD (disk0s2) / : 255.20 GB (26.20 GB free)
        Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB 

    ST9500423AS disk1 : (500,11 GB) (Rotational)
        disk1s1 (disk1s1) <not mounted> : 210 MB 
        Macintosh_HD (disk1s2) /Volumes/Macintosh_HD : 499.76 GB (212.61 GB free)

USB Information: (What does this mean?)
    Apple Inc. Built-in iSight 
    Apple, Inc. Apple Internal Keyboard / Trackpad 
    Apple Computer, Inc. IR Receiver 
    Apple Inc. BRCM2046 Hub 
        Apple Inc. Bluetooth USB Host Controller 

Configuration files: (What does this mean?)
    /etc/hosts - Count: 7

Gatekeeper: (What does this mean?)
    Mac App Store and identified developers

Kernel Extensions: (What does this mean?)
        /Applications/KeyRemap4MacBook.app
    [loaded]    org.pqrs.driver.KeyRemap4MacBook (8.4.0 - SDK 10.8) [Click for support]

        /Library/Extensions
    [not loaded]    com.wacom.kext.ftdi (1 - SDK 10.10) [Click for support]

        /System/Library/Extensions
    [loaded]    at.obdev.nke.LittleSnitch (4352 - SDK 10.8) [Click for support]
    [not loaded]    com.microsoft.driver.MicrosoftMouse (8.2) [Click for support]
    [loaded]    com.parallels.kext.prl_usb_connect (7.0 15107.796624) [Click for support]
    [loaded]    com.vara.driver.VaraAudio (1.0.3) [Click for support]
    [not loaded]    com.wacom.kext.wacomtablet (6.3.11 - SDK 10.9) [Click for support]
    [loaded]    net.telestream.driver.TelestreamAudio (1.1.0 - SDK 10.8) [Click for support]

        /System/Library/Extensions/MicrosoftMouse.kext/Contents/PlugIns
    [not loaded]    com.microsoft.driver.MicrosoftMouseBluetooth (8.2) [Click for support]
    [not loaded]    com.microsoft.driver.MicrosoftMouseUSB (8.2) [Click for support]

        /Volumes/Macintosh_HD/Applications/Toast 9 Titanium/Toast Titanium.app
    [not loaded]    com.elgato.driver.Pluto2 (1.1) [Click for support]
    [not loaded]    com.roxio.BluRaySupport (1.1.6) [Click for support]
    [not loaded]    com.roxio.TDIXController (1.7) [Click for support]

        /Volumes/Macintosh_HD/Applications/Transmit.app
    [not loaded]    com.panic.TransmitDisk.transmitdiskfs (4.0.0 - SDK 10.6) [Click for support]

        /Volumes/Macintosh_HD/Applications/Utilities/DiskWarrior.app
    [not loaded]    com.alsoft.Preview (4.4) [Click for support]

        /Volumes/Macintosh_HD/Library/Parallels/Parallels Service.app
    [loaded]    com.parallels.kext.prl_hid_hook (7.0 15107.796624) [Click for support]
    [loaded]    com.parallels.kext.prl_hypervisor (7.0 15107.796624) [Click for support]
    [loaded]    com.parallels.kext.prl_netbridge (7.0 15107.796624) [Click for support]
    [loaded]    com.parallels.kext.prl_vnic (7.0 15107.796624) [Click for support]

System Launch Agents: (What does this mean?)
    [loaded]    com.apple.AOSNotificationOSX.plist
    [loaded]    com.apple.AOSPushRelay.plist
    [loaded]    com.apple.AddressBook.AssistantService.plist
    [loaded]    com.apple.AddressBook.SourceSync.plist
    [loaded]    com.apple.AddressBook.abd.plist
    [loaded]    com.apple.AirPlayUIAgent.plist
    [running]    com.apple.AirPortBaseStationAgent.plist
    [loaded]    com.apple.AppleGraphicsWarning.plist
    [loaded]    com.apple.BezelUI.plist
    [running]    com.apple.CalendarAgent.plist
    [loaded]    com.apple.ContainerRepairAgent.plist
    [loaded]    com.apple.CoreLocationAgent.plist
    [loaded]    com.apple.CoreRAIDAgent.plist
    [loaded]    com.apple.DiskArbitrationAgent.plist
    [running]    com.apple.Dock.plist
    [loaded]    com.apple.FTCleanup.plist
    [loaded]    com.apple.FileSyncAgent.PHD.plist
    [running]    com.apple.Finder.plist
    [loaded]    com.apple.FontRegistryUIAgent.plist
    [loaded]    com.apple.FontValidator.plist
    [loaded]    com.apple.FontValidatorConduit.plist
    [loaded]    com.apple.FontWorker.plist
    [loaded]    com.apple.KerberosHelper.LKDCHelper.plist
    [running]    com.apple.LaunchServices.lsboxd.plist
    [running]    com.apple.NetworkBrowserAgent.plist
    [loaded]    com.apple.NetworkDiagnostics.plist
    [loaded]    com.apple.PCIESlotCheck.plist
    [loaded]    com.apple.PackageKit.InstallStatus.plist
    [loaded]    com.apple.PubSub.Agent.plist
    [loaded]    com.apple.ReclaimSpaceAgent.plist
    [loaded]    com.apple.RemoteDesktop.plist
    [loaded]    com.apple.ReportCrash.Self.plist
    [loaded]    com.apple.ReportCrash.plist
    [loaded]    com.apple.ReportGPURestart.plist
    [loaded]    com.apple.ReportPanic.plist
    [loaded]    com.apple.SSInvitationAgent.plist
    [loaded]    com.apple.SafariNotificationAgent.plist
    [loaded]    com.apple.ScreenReaderUIServer.plist
    [loaded]    com.apple.ServiceManagement.LoginItems.plist
    [loaded]    com.apple.SocialPushAgent.plist
    [loaded]    com.apple.SubmitDiagInfo.plist
    [loaded]    com.apple.SubmitDiagInfo.xpc.plist
    [running]    com.apple.SystemUIServer.plist
    [loaded]    com.apple.TMLaunchAgent.plist
    [loaded]    com.apple.TrustEvaluationAgent.plist
    [running]    com.apple.UserEventAgent-Aqua.plist
    [loaded]    com.apple.UserEventAgent-LoginWindow.plist
    [loaded]    com.apple.UserNotificationCenterAgent-LoginWindow.plist
    [loaded]    com.apple.UserNotificationCenterAgent.plist
    [loaded]    com.apple.VoiceOver.plist
    [loaded]    com.apple.WebKit.PluginAgent.plist
    [loaded]    com.apple.ZoomWindow.plist
    [running]    com.apple.accountsd.plist
    [failed]    com.apple.afpstat.plist [Click for details]
    [loaded]    com.apple.alf.useragent.plist
    [loaded]    com.apple.aos.migrate.plist
    [loaded]    com.apple.appstoreupdateagent.plist
    [loaded]    com.apple.apsctl.plist
    [loaded]    com.apple.assistant_service.plist
    [running]    com.apple.assistantd.plist
    [loaded]    com.apple.bluetoothAudioAgent.plist
    [loaded]    com.apple.bluetoothUIServer.plist
    [loaded]    com.apple.btsa.plist
    [loaded]    com.apple.cfnetwork.AuthBrokerAgent.plist
    [loaded]    com.apple.cfnetwork.cfnetworkagent.plist
    [running]    com.apple.cfprefsd.xpc.agent.plist
    [running]    com.apple.cookied.plist
    [loaded]    com.apple.coredata.externalrecordswriter.plist
    [running]    com.apple.coreservices.appleid.authentication.plist
    [loaded]    com.apple.coreservices.uiagent.plist
    [loaded]    com.apple.csuseragent.plist
    [loaded]    com.apple.cvmsCompAgent_i386.plist
    [loaded]    com.apple.cvmsCompAgent_i386_1.plist
    [running]    com.apple.cvmsCompAgent_x86_64.plist
    [running]    com.apple.cvmsCompAgent_x86_64_1.plist
    [running]    com.apple.distnoted.xpc.agent.plist
    [loaded]    com.apple.familycontrols.useragent.plist
    [loaded]    com.apple.findmymacmessenger.plist
    [running]    com.apple.fontd.useragent.plist
    [loaded]    com.apple.gamed.plist
    [running]    com.apple.helpd.plist
    [loaded]    com.apple.iChat.Theater.plist
    [running]    com.apple.imagent.plist
    [loaded]    com.apple.imklaunchagent.plist
    [loaded]    com.apple.installd.user.plist
    [loaded]    com.apple.isst.plist
    [loaded]    com.apple.java.InstallOnDemand.plist
    [loaded]    com.apple.java.updateSharing.plist
    [running]    com.apple.librariand.plist
    [loaded]    com.apple.locationmenu.plist
    [loaded]    com.apple.lookupd.plist
    [loaded]    com.apple.marcoagent.plist
    [loaded]    com.apple.maspushagent.plist
    [loaded]    com.apple.mdmclient.agent.plist
    [loaded]    com.apple.mdworker.32bit.plist
    [loaded]    com.apple.mdworker.bundles.plist
    [loaded]    com.apple.mdworker.isolation.plist
    [loaded]    com.apple.mdworker.lsb.plist
    [loaded]    com.apple.mdworker.mail.plist
    [loaded]    com.apple.mdworker.shared.plist
    [loaded]    com.apple.mdworker.single.plist
    [loaded]    com.apple.metadata.mdwrite.plist
    [loaded]    com.apple.midiserver.plist
    [failed]    com.apple.mrt.uiagent.plist
    [loaded]    com.apple.netauth.user.auth.plist
    [loaded]    com.apple.netauth.user.gui.plist
    [running]    com.apple.notificationcenterui.plist
    [loaded]    com.apple.parentalcontrols.check.plist
    [running]    com.apple.pboard.plist
    [running]    com.apple.pbs.plist
    [loaded]    com.apple.pictd.plist
    [loaded]    com.apple.printtool.agent.plist
    [loaded]    com.apple.printuitool.agent.plist
    [loaded]    com.apple.quicklook.32bit.plist
    [loaded]    com.apple.quicklook.config.plist
    [running]    com.apple.quicklook.plist
    [loaded]    com.apple.quicklook.ui.helper.plist
    [loaded]    com.apple.rcd.plist
    [loaded]    com.apple.safaridavclient.plist
    [loaded]    com.apple.scopedbookmarkagent.xpc.plist
    [loaded]    com.apple.screensharing.MessagesAgent.plist
    [loaded]    com.apple.screensharing.agent.plist
    [loaded]    com.apple.scrod.plist
    [loaded]    com.apple.sociald.plist
    [loaded]    com.apple.speech.feedbackservicesserver.plist
    [loaded]    com.apple.speech.recognitionserver.plist
    [loaded]    com.apple.speech.synthesisserver.plist
    [loaded]    com.apple.speech.voiceinstallerd.plist
    [loaded]    com.apple.spindump_agent.plist
    [loaded]    com.apple.store_helper.plist
    [loaded]    com.apple.storeagent.plist
    [loaded]    com.apple.syncdefaultsd.plist
    [loaded]    com.apple.syncservices.SyncServer.plist
    [loaded]    com.apple.syncservices.uihandler.plist
    [loaded]    com.apple.systemprofiler.plist
    [running]    com.apple.talagent.plist
    [running]    com.apple.tccd.plist
    [loaded]    com.apple.tiswitcher.plist
    [loaded]    com.apple.twitterd.plist
    [running]    com.apple.ubd.plist
    [loaded]    com.apple.universalaccesscontrol.plist
    [loaded]    com.apple.universalaccessd.plist
    [loaded]    com.apple.unmountassistant.useragent.plist
    [running]    com.apple.usernoted.plist
    [loaded]    com.apple.weibod.plist
    [loaded]    com.apple.xmigrationhelper.user.plist
    [loaded]    org.openbsd.ssh-agent.plist

System Launch Daemons: (What does this mean?)
    [loaded]    bootps.plist
    [loaded]    com.apple.AOSNotificationFMM.plist
    [loaded]    com.apple.AirPlayXPCHelper.plist
    [loaded]    com.apple.AppleFileServer.plist
    [loaded]    com.apple.CoreRAID.plist
    [loaded]    com.apple.DiagnosticReportCleanUp.plist
    [loaded]    com.apple.DumpGPURestart.plist
    [loaded]    com.apple.DumpPanic.plist
    [running]    com.apple.FileCoordination.plist
    [loaded]    com.apple.FileSyncAgent.sshd.plist
    [loaded]    com.apple.FontWorker.plist
    [loaded]    com.apple.IFCStart.plist
    [loaded]    com.apple.IOAccelMemoryInfoCollector.plist
    [loaded]    com.apple.IOBluetoothUSBDFU.plist
    [loaded]    com.apple.InternetSharing.plist
    [loaded]    com.apple.Kerberos.digest-service.plist
    [loaded]    com.apple.Kerberos.kadmind.plist
    [loaded]    com.apple.Kerberos.kcm.plist
    [loaded]    com.apple.Kerberos.kdc.plist
    [loaded]    com.apple.Kerberos.kpasswdd.plist
    [running]    com.apple.KernelEventAgent.plist
    [loaded]    com.apple.ManagedClient.plist
    [loaded]    com.apple.ManagedClient.startup.plist
    [loaded]    com.apple.NetBootClientStatus.plist
    [loaded]    com.apple.NetworkDiagnostics.plist
    [loaded]    com.apple.NetworkLinkConditioner.plist
    [loaded]    com.apple.ODSAgent.plist
    [loaded]    com.apple.PCIELaneConfigTool.plist
    [loaded]    com.apple.PasswordService.plist
    [loaded]    com.apple.RFBEventHelper.plist
    [loaded]    com.apple.RemoteDesktop.PrivilegeProxy.plist
    [loaded]    com.apple.ReportCrash.Root.plist
    [loaded]    com.apple.SCHelper.plist
    [loaded]    com.apple.SecurityAgent.plist
    [loaded]    com.apple.ServerPerfLog.aslmanager.plist
    [loaded]    com.apple.ServerPerfLog.plist
    [loaded]    com.apple.SystemStarter.plist
    [loaded]    com.apple.TrustEvaluationAgent.system.plist
    [running]    com.apple.UserEventAgent-System.plist
    [running]    com.apple.UserNotificationCenter.plist
    [running]    com.apple.WindowServer.plist
    [loaded]    com.apple.activitymonitord.plist
    [loaded]    com.apple.afpfs_afpLoad.plist
    [running]    com.apple.afpfs_checkafp.plist
    [loaded]    com.apple.airport.wps.plist
    [loaded]    com.apple.airportPrefsUpdater.plist
    [loaded]    com.apple.airportd.plist
    [loaded]    com.apple.alf.agent.plist
    [loaded]    com.apple.appleprofilepolicyd.plist
    [running]    com.apple.apsd.plist
    [loaded]    com.apple.aslmanager.plist
    [loaded]    com.apple.atrun.plist
    [running]    com.apple.audio.coreaudiod.plist
    [loaded]    com.apple.auditd.plist
    [loaded]    com.apple.authorizationhost.plist
    [running]    com.apple.autofsd.plist
    [loaded]    com.apple.automountd.plist
    [loaded]    com.apple.avbdeviced.plist
    [loaded]    com.apple.awacsd.plist
    [loaded]    com.apple.backupd-attach.plist
    [loaded]    com.apple.backupd-auto.plist
    [loaded]    com.apple.backupd-wake.plist
    [loaded]    com.apple.backupd.plist
    [running]    com.apple.blued.plist
    [loaded]    com.apple.bnepd.plist
    [loaded]    com.apple.bsd.dirhelper.plist
    [running]    com.apple.bsd.launchdadd.plist
    [running]    com.apple.cfprefsd.xpc.daemon.plist
    [loaded]    com.apple.cmio.AVCAssistant.plist
    [loaded]    com.apple.cmio.AppleCameraAssistant.plist
    [loaded]    com.apple.cmio.IIDCVideoAssistant.plist
    [loaded]    com.apple.cmio.VDCAssistant.plist
    [loaded]    com.apple.comsat.plist
    [running]    com.apple.configd.plist
    [loaded]    com.apple.configureLocalKDC.plist
    [running]    com.apple.coreservices.appleevents.plist
    [loaded]    com.apple.coreservices.appleid.passwordcheck.plist
    [running]    com.apple.coreservicesd.plist
    [loaded]    com.apple.corestorage.corestoraged.plist
    [loaded]    com.apple.corestorage.corestoragehelperd.plist
    [running]    com.apple.coresymbolicationd.plist
    [running]    com.apple.cvmsServ.plist
    [running]    com.apple.diskarbitrationd.plist
    [loaded]    com.apple.diskmanagementd.plist
    [running]    com.apple.distnoted.xpc.daemon.plist
    [loaded]    com.apple.dnsextd.plist
    [loaded]    com.apple.docsetinstalld.plist
    [loaded]    com.apple.dpd.plist
    [loaded]    com.apple.dspluginhelperd.plist
    [loaded]    com.apple.dvdplayback.setregion.plist
    [running]    com.apple.dynamic_pager.plist
    [loaded]    com.apple.eapolcfg_auth.plist
    [loaded]    com.apple.efax.plist
    [loaded]    com.apple.efilogin-helper.plist
    [loaded]    com.apple.emlog.plist
    [failed]    com.apple.emond.aslmanager.plist [Click for details]
    [loaded]    com.apple.emond.plist
    [loaded]    com.apple.eppc.plist
    [loaded]    com.apple.familycontrols.plist
    [loaded]    com.apple.findmymac.plist
    [loaded]    com.apple.findmymacmessenger.plist
    [loaded]    com.apple.firmwaresyncd.plist
    [running]    com.apple.fontd.plist
    [loaded]    com.apple.fontmover.plist
    [running]    com.apple.fseventsd.plist
    [loaded]    com.apple.ftp-proxy.plist
    [loaded]    com.apple.geod.plist
    [loaded]    com.apple.getty.plist
    [loaded]    com.apple.gkreport.plist
    [loaded]    com.apple.gssd.plist
    [running]    com.apple.hdiejectd.plist
    [running]    com.apple.hidd.plist
    [loaded]    com.apple.installd.plist
    [loaded]    com.apple.kcproxy.plist
    [loaded]    com.apple.kdumpd.plist
    [running]    com.apple.kextd.plist
    [loaded]    com.apple.kuncd.plist
    [loaded]    com.apple.locate.plist
    [running]    com.apple.locationd.plist
    [loaded]    com.apple.lockd.plist
    [loaded]    com.apple.locum.plist
    [running]    com.apple.logind.plist
    [running]    com.apple.loginwindow.plist
    [loaded]    com.apple.loginwindow.secureerase.plist
    [running]    com.apple.mDNSResponder.plist
    [loaded]    com.apple.mDNSResponderHelper.plist
    [loaded]    com.apple.mbicloudsetupd.plist
    [loaded]    com.apple.mdmclient.daemon.plist
    [running]    com.apple.metadata.mds.plist
    [loaded]    com.apple.metadata.mds.scan.plist
    [loaded]    com.apple.metadata.mds.spindump.plist
    [loaded]    com.apple.mrt.plist
    [loaded]    com.apple.msrpc.echosvc.plist
    [loaded]    com.apple.msrpc.lsarpc.plist
    [loaded]    com.apple.msrpc.mdssvc.plist
    [loaded]    com.apple.msrpc.netlogon.plist
    [loaded]    com.apple.msrpc.srvsvc.plist
    [loaded]    com.apple.msrpc.wkssvc.plist
    [running]    com.apple.mtmd.plist
    [running]    com.apple.mtmfs.plist
    [loaded]    com.apple.netauth.sys.auth.plist
    [loaded]    com.apple.netauth.sys.gui.plist
    [running]    com.apple.netbiosd.plist
    [running]    com.apple.networkd.plist
    [loaded]    com.apple.networkd_privileged.plist
    [loaded]    com.apple.newsyslog.plist
    [loaded]    com.apple.nfsconf.plist
    [loaded]    com.apple.nfsd.plist
    [loaded]    com.apple.nis.rpc.yppasswdd.plist
    [loaded]    com.apple.nis.ypbind.plist
    [loaded]    com.apple.nis.ypserv.plist
    [running]    com.apple.notifyd.plist
    [running]    com.apple.ocspd.plist
    [loaded]    com.apple.odproxyd.plist
    [running]    com.apple.opendirectoryd.plist
    [loaded]    com.apple.periodic-daily.plist
    [loaded]    com.apple.periodic-monthly.plist
    [loaded]    com.apple.periodic-weekly.plist
    [loaded]    com.apple.pfctl.plist
    [loaded]    com.apple.platform.ptmd.plist
    [running]    com.apple.powerd.plist
    [loaded]    com.apple.preferences.timezone.admintool.plist
    [loaded]    com.apple.preferences.timezone.auto.plist
    [loaded]    com.apple.printtool.daemon.plist
    [loaded]    com.apple.racoon.plist
    [loaded]    com.apple.remotepairtool.plist
    [running]    com.apple.revisiond.plist
    [loaded]    com.apple.rpcbind.plist
    [loaded]    com.apple.rpmuxd.plist
    [loaded]    com.apple.sandboxd.plist
    [loaded]    com.apple.screensharing.plist
    [loaded]    com.apple.scsid.plist
    [loaded]    com.apple.secd.plist
    [loaded]    com.apple.security.FDERecoveryAgent.plist
    [running]    com.apple.security.syspolicy.plist
    [running]    com.apple.securityd.plist
    [loaded]    com.apple.shutdown_monitor.plist
    [running]    com.apple.sleepservicesd.plist
    [loaded]    com.apple.smb.preferences.plist
    [loaded]    com.apple.smbd.plist
    [loaded]    com.apple.softwareupdatecheck.initial.plist
    [loaded]    com.apple.softwareupdatecheck.periodic.plist
    [loaded]    com.apple.spindump.plist
    [loaded]    com.apple.spindump_symbolicator.plist
    [running]    com.apple.stackshot.plist
    [loaded]    com.apple.statd.notify.plist
    [loaded]    com.apple.store_helper.recovery.plist
    [loaded]    com.apple.storeagent.recovery.plist
    [loaded]    com.apple.storereceiptinstaller.plist
    [loaded]    com.apple.suhelperd.plist
    [running]    com.apple.syslogd.plist
    [running]    com.apple.sysmond.plist
    [loaded]    com.apple.systemkeychain.plist
    [loaded]    com.apple.systempreferences.installer.plist
    [loaded]    com.apple.systempreferences.writeconfig.plist
    [loaded]    com.apple.taskgated-helper.plist
    [running]    com.apple.taskgated.plist
    [loaded]    com.apple.ucupdate.plist
    [loaded]    com.apple.uninstalld.plist
    [loaded]    com.apple.unmountassistant.sysagent.plist
    [running]    com.apple.usbmuxd.plist
    [loaded]    com.apple.uucp.plist
    [loaded]    com.apple.var-db-dslocal-backup.plist
    [loaded]    com.apple.vsdbutil.plist
    [running]    com.apple.warmd.plist
    [running]    com.apple.wdhelper.plist
    [loaded]    com.apple.webdavfs_load_kext.plist
    [loaded]    com.apple.wifid.plist
    [loaded]    com.apple.xpcd.plist
    [loaded]    com.apple.xprotectupdater.plist
    [loaded]    com.apple.xprotectupdaterinit.plist
    [loaded]    com.apple.xsan.plist
    [loaded]    com.apple.xsanmgrd.plist
    [loaded]    com.apple.xscertadmin.plist
    [loaded]    com.apple.xscertd-helper.plist
    [loaded]    com.apple.xscertd.plist
    [loaded]    com.danga.memcached.plist
    [loaded]    com.vix.cron.plist
    [loaded]    exec.plist
    [loaded]    finger.plist
    [loaded]    ftp.plist
    [loaded]    login.plist
    [loaded]    ntalk.plist
    [loaded]    org.apache.httpd.plist
    [loaded]    org.cups.cups-lpd.plist
    [running]    org.cups.cupsd.plist
    [loaded]    org.freeradius.radiusd.plist
    [loaded]    org.isc.named.plist
    [loaded]    org.net-snmp.snmpd.plist
    [running]    org.ntp.ntpd.plist
    [loaded]    org.openldap.slapd.plist
    [loaded]    org.postfix.master.plist
    [loaded]    org.postgresql.postgres_alt.plist
    [loaded]    shell.plist
    [loaded]    ssh.plist
    [loaded]    telnet.plist
    [loaded]    tftp.plist

Launch Agents: (What does this mean?)
    [running]    at.obdev.LittleSnitchUIAgent.plist [Click for support]
    [loaded]    com.adobe.AAM.Updater-1.0.plist [Click for support]
    [loaded]    com.adobe.AdobeCreativeCloud.plist [Click for support]
    [loaded]    com.parallels.DesktopControlAgent.plist [Click for support]
    [loaded]    com.parallels.desktop.launch.plist [Click for support]
    [running]    com.parallels.vm.prl_pcproxy.plist [Click for support]
    [loaded]    com.teamviewer.teamviewer.plist [Click for support]
    [loaded]    com.teamviewer.teamviewer_desktop.plist [Click for support]
    [running]    com.wacom.wacomtablet.plist [Click for support]
    [loaded]    com.xrite.device.softwareupdate.plist [Click for support]
    [failed]    io.pyd.sync.launcher.plist [Click for support]
    [failed]    io.pyd.sync.ui.plist [Click for support]
    [loaded]    io.pyd.synchro.launcher.plist [Click for support]
    [loaded]    org.pqrs.KeyRemap4MacBook.server.plist [Click for support]

Launch Daemons: (What does this mean?)
    [running]    at.obdev.littlesnitchd.plist [Click for support]
    [loaded]    com.adobe.SwitchBoard.plist [Click for support]
    [loaded]    com.adobe.fpsaud.plist [Click for support]
    [loaded]    com.bresink.system.securityagent3a.plist [Click for support]
    [loaded]    com.microsoft.office.licensing.helper.plist [Click for support]
    [loaded]    com.ovh.hubiCFinderPlugin.Installer.plist [Click for support]
    [running]    com.parallels.desktop.launchdaemon.plist [Click for support]
    [loaded]    com.teamviewer.Helper.plist [Click for support]
    [loaded]    com.teamviewer.teamviewer_service.plist [Click for support]
    [running]    com.xrite.device.xrdd.plist [Click for support]
    [loaded]    org.cindori.AuthHelper.plist [Click for support]
    [loaded]    org.cindori.TEAuth.plist [Click for support]
    [loaded]    org.pqrs.KeyRemap4MacBook.load.plist [Click for support]

User Launch Agents: (What does this mean?)
    [loaded]    com.adobe.AAM.Updater-1.0.plist [Click for support]
    [loaded]    com.adobe.ARM.[...].plist [Click for support]
    [loaded]    com.apple.AddressBook.ScheduledSync.PHXC...plist
    [loaded]    com.google.keystone.agent.plist [Click for support]

User Login Items: (What does this mean?)
    iTunesHelper    Programm  (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
    ShadowSweeper    Programm Hidden (/Applications/ShadowSweeper.app)
    Namely    Programm Hidden (/Applications/Namely.app)
    TextExpander4.3.6    Programm Hidden (/Applications/TextExpander4.3.6.app)
    TotalFinder    Programm  (/Applications/TotalFinder.app)
    PowerboxInjector    Programm  (/Applications/PowerboxInjector.app)

Other Apps: (What does this mean?)
    [running]    0x7f9622c03ac0.anonymous.coreservicesd - Invalid signature!
    [running]    0x7f9622c04bb0.anonymous.apsd - Invalid signature!
    [running]    0x7f9622c04ea0.anonymous.loginwindow - Invalid signature!
    [running]    0x7f9622c051a0.anonymous.WindowServer - Invalid signature!
    [running]    0x7f9622c142c0.anonymous.loginwindow - Invalid signature!
    [running]    0x7f9622c14e00.anonymous.CVMServer - Invalid signature!
    [running]    0x7f9622c16020.anonymous.AdobeIPCBroker - Invalid signature!
    [running]    0x7f9622c17650.anonymous.prl_disp_servic - Invalid signature!
    [running]    0x7f9622c17950.anonymous.sh - Invalid signature!
    [running]    0x7f9622c18790.anonymous.com.apple.iClou - Invalid signature!
    [running]    0x7f9622c19fe0.anonymous.com.apple.dock. - Invalid signature!
    [running]    0x7f9622c1ad30.anonymous.AdobeCrashDaemo - Invalid signature!
    [running]    0x7f9622d064a0.anonymous.mds - Invalid signature!
    [running]    0x7f9622d23200.anonymous.Little Snitch D - Invalid signature!
    [running]    0x7f9622d247e0.anonymous.WindowServer - Invalid signature!
    [running]    0x7f9622d26e60.anonymous.diskarbitration - Invalid signature!
    [running]    0x7f9622d27ce0.anonymous.com.apple.secur - Invalid signature!
    [running]    0x7f9709c10760.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709c12b60.anonymous.diskimages-help - Invalid signature!
    [running]    0x7f9709c172e0.anonymous.Dock - Invalid signature!
    [running]    0x7f9709c175d0.anonymous.launchd - Invalid signature!
    [running]    0x7f9709c178c0.anonymous.launchd - Invalid signature!
    [running]    0x7f9709c17bb0.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709c21f30.anonymous.com.apple.dock. - Invalid signature!
    [running]    0x7f9709c22220.anonymous.launchd - Invalid signature!
    [running]    0x7f9709c22510.anonymous.com.apple.dock. - Invalid signature!
    [running]    0x7f9709c22810.anonymous.launchd - Invalid signature!
    [running]    0x7f9709c22b00.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709c2b510.anonymous.com.apple.iClou - Invalid signature!
    [running]    0x7f9709c2b810.anonymous.launchd - Invalid signature!
    [running]    0x7f9709c2bb00.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709c33100.anonymous.com.apple.audio - Invalid signature!
    [running]    0x7f9709c47650.anonymous.com.apple.secur - Invalid signature!
    [running]    0x7f9709c5ddb0.anonymous.loginwindow - Invalid signature!
    [running]    0x7f9709c5e0b0.anonymous.launchd - Invalid signature!
    [running]    0x7f9709c5e3a0.anonymous.launchd - Invalid signature!
    [running]    0x7f9709c5e690.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709c5e9a0.anonymous.CalendarAgent - Invalid signature!
    [running]    0x7f9709c5ed50.anonymous.com.apple.dock. - Invalid signature!
    [running]    0x7f9709c5f7d0.anonymous.launchd - Invalid signature!
    [running]    0x7f9709c5fac0.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709c61a60.anonymous.launchd - Invalid signature!
    [running]    0x7f9709c61e40.anonymous.imagent - Invalid signature!
    [running]    0x7f9709c63a80.anonymous.com.apple.Share - Invalid signature!
    [running]    0x7f9709c63d70.anonymous.com.apple.Share - Invalid signature!
    [running]    0x7f9709c64070.anonymous.launchd - Invalid signature!
    [running]    0x7f9709c64360.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709c6b2a0.anonymous.ubd - Invalid signature!
    [running]    0x7f9709c6bc40.anonymous.com.apple.secur - Invalid signature!
    [running]    0x7f9709c72150.anonymous.launchd - Invalid signature!
    [running]    0x7f9709c72440.anonymous.launchd - Invalid signature!
    [running]    0x7f9709c72730.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709c7c230.anonymous.com.apple.iClou - Invalid signature!
    [running]    0x7f9709c7c520.anonymous.launchd - Invalid signature!
    [running]    0x7f9709c7c810.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709d39b80.anonymous.prl_disp_servic - Invalid signature!
    [running]    0x7f9709d3ca20.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d3cd10.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d3d000.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709d3ffe0.anonymous.com.apple.secur - Invalid signature!
    [running]    0x7f9709d44210.anonymous.TextEdit - Invalid signature!
    [running]    0x7f9709d44500.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d447f0.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d44ae0.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709d459b0.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d4d470.anonymous.Preview - Invalid signature!
    [running]    0x7f9709d4d980.anonymous.imagent - Invalid signature!
    [running]    0x7f9709d4dc70.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d4df60.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d4e250.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709d520d0.anonymous.coreaudiod - Invalid signature!
    [running]    0x7f9709d5a940.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d5ac30.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709d5ed30.anonymous.com.apple.audio - Invalid signature!
    [running]    0x7f9709d5f030.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d5f320.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709d669c0.anonymous.CalendarAgent - Invalid signature!
    [running]    0x7f9709d66cc0.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d66fb0.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d672a0.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709d722c0.anonymous.diskimages-help - Invalid signature!
    [running]    0x7f9709d725c0.anonymous.com.apple.iClou - Invalid signature!
    [running]    0x7f9709d72bc0.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709d73600.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d7bb30.anonymous.com.apple.iClou - Invalid signature!
    [running]    0x7f9709d7c960.anonymous.Dock - Invalid signature!
    [running]    0x7f9709d7cc50.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d7cf40.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d7d230.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709d850b0.anonymous.com.apple.dock. - Invalid signature!
    [running]    0x7f9709d853a0.anonymous.TextEdit - Invalid signature!
    [running]    0x7f9709d85690.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d85980.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d85c70.anonymous.xpcd - Invalid signature!
    [running]    0x7f9709d8d210.anonymous.com.apple.secur - Invalid signature!
    [running]    0x7f9709d8d510.anonymous.launchd - Invalid signature!
    [running]    0x7f9709d8d800.anonymous.xpcd - Invalid signature!
    [running]    [0x0-0xa6fa6f].com.apple.iTunesHelper - Invalid signature!
    [running]    [0x0-0xa79a79].com.asagoo.namely
    [running]    [0x0-0xa7aa7a].com.binaryage.totalfinder.agent
    [running]    [0x0-0xa7ba7b].jp.cvz.PowerboxInjector
    [running]    [0x0-0xa7ca7c].com.wacom.WacomTouchDriver
    [running]    [0x0-0xa7fa7f].at.obdev.LittleSnitchNetworkMonitor
    [running]    [0x0-0xa82a82].com.adobe.acc.AdobeDesktopService
    [running]    [0x0-0xa83a83].com.wacom.TabletDriver
    [running]    [0x0-0xa85a85].com.binaryage.totalfinder.crashwatcher
    [running]    [0x0-0xa88a88].com.adobe.accmac
    [running]    [0x0-0xa8da8d].com.apple.systemevents - Invalid signature!
    [running]    [0x0-0xa8ea8e].com.apple.AppleSpell - Invalid signature!
    [running]    [0x0-0xa8fa8f].com.etresoft.EtreCheck
    [running]    [0x0-0xa95a95].com.apple.TextEdit - Invalid signature!
    [loaded]    com.apple.AppSandboxSMLoginItemEnabler - Invalid signature!
    [loaded]    com.apple.CMValidateMovieDataReferenceService - Invalid signature!
    [loaded]    com.apple.CoreText.FontDownloadHelper - Invalid signature!
    [loaded]    com.apple.DataDetectors.DataDetectorsActionService - Invalid signature!
    [loaded]    com.apple.HasTRB - Invalid signature!
    [loaded]    com.apple.ImageKit.RecentPictureService - Invalid signature!
    [loaded]    com.apple.PDFKit.PDFFileRefsValidator - Invalid signature!
    [loaded]    com.apple.PerformanceAnalysis.animationperfd - Invalid signature!
    [loaded]    com.apple.Preview.TrustedBookmarksService - Invalid signature!
    [loaded]    com.apple.SafariServices - Invalid signature!
    [loaded]    com.apple.SceneKit.C3DColladaResourcesCoordinator - Invalid signature!
    [loaded]    com.apple.SecurityAgent.00000000-0000-0000-0000-0000000186A5 - Invalid signature!
    [loaded]    com.apple.SecurityAgent.00000000-0000-0000-0000-0000000186F5 - Invalid signature!
    [running]    com.apple.ShareKitHelper - Invalid signature!
    [loaded]    com.apple.XType.FontHelper - Invalid signature!
    [loaded]    com.apple.appkit.xpc.sandboxedServiceRunner - Invalid signature!
    [loaded]    com.apple.audio.ComponentHelper - Invalid signature!
    [loaded]    com.apple.audio.InfoHelper - Invalid signature!
    [loaded]    com.apple.audio.SandboxHelper - Invalid signature!
    [loaded]    com.apple.authorizationhost.00000000-0000-0000-0000-0000000186A0 - Invalid signature!
    [loaded]    com.apple.authorizationhost.00000000-0000-0000-0000-0000000186A5 - Invalid signature!
    [loaded]    com.apple.authorizationhost.00000000-0000-0000-0000-0000000186F5 - Invalid signature!
    [loaded]    com.apple.automator.xpc.workflowServiceRunner - Invalid signature!
    [loaded]    com.apple.cmio.registerassistantservice - Invalid signature!
    [loaded]    com.apple.coremedia.videodecoder - Invalid signature!
    [loaded]    com.apple.desktopservices.KeynoteConverterXPCService - Invalid signature!
    [loaded]    com.apple.desktopservices.KeynoteConverterXPCService32 - Invalid signature!
    [loaded]    com.apple.desktopservices.KeynoteConverterXPCService64 - Invalid signature!
    [loaded]    com.apple.desktopservices.NumbersConverterXPCService - Invalid signature!
    [loaded]    com.apple.desktopservices.NumbersConverterXPCService32 - Invalid signature!
    [loaded]    com.apple.desktopservices.NumbersConverterXPCService64 - Invalid signature!
    [loaded]    com.apple.desktopservices.PagesConverterXPCService - Invalid signature!
    [loaded]    com.apple.desktopservices.PagesConverterXPCService32 - Invalid signature!
    [loaded]    com.apple.desktopservices.PagesConverterXPCService64 - Invalid signature!
    [loaded]    com.apple.dock.ecti - Invalid signature!
    [running]    com.apple.dock.extra - Invalid signature!
    [loaded]    com.apple.foundation.UserScriptService - Invalid signature!
    [loaded]    com.apple.hiservices-xpcservice - Invalid signature!
    [running]    com.apple.iCloudHelper - Invalid signature!
    [loaded]    com.apple.imdmessageservices.IMDMessageServicesAgent - Invalid signature!
    [loaded]    com.apple.imfoundation.IMRemoteURLConnectionAgent - Invalid signature!
    [loaded]    com.apple.imtranscoding.IMTranscoderAgent - Invalid signature!
    [loaded]    com.apple.imtransferservices.IMTransferAgent - Invalid signature!
    [loaded]    com.apple.launchctl.Aqua - Invalid signature!
    [loaded]    com.apple.launchctl.Background - Invalid signature!
    [loaded]    com.apple.launchctl.System - Invalid signature!
    [running]    com.apple.launchd.peruser.200 - Invalid signature!
    [loaded]    com.apple.launchd.peruser.202 - Invalid signature!
    [running]    com.apple.launchd.peruser.212 - Invalid signature!
    [loaded]    com.apple.launchd.peruser.26 - Invalid signature!
    [running]    com.apple.launchd.peruser.501 - Invalid signature!
    [running]    com.apple.launchd.peruser.502 - Invalid signature!
    [running]    com.apple.launchd.peruser.503 - Invalid signature!
    [running]    com.apple.launchd.peruser.504 - Invalid signature!
    [running]    com.apple.launchd.peruser.88 - Invalid signature!
    [running]    com.apple.launchd.peruser.89 - Invalid signature!
    [running]    com.apple.launchd.peruser.92 - Invalid signature!
    [loaded]    com.apple.locum.1DA873B4-0A53-49CB-BD49-E41D74A42B79 - Invalid signature!
    [loaded]    com.apple.locum.235A3BAE-03F3-4C5B-A9B6-19BC904C04C1 - Invalid signature!
    [loaded]    com.apple.locum.4B1FBA1C-871D-4263-A3CA-70DC73D6E1D7 - Invalid signature!
    [loaded]    com.apple.locum.D4AC0E00-CE96-4316-8BBB-2660ABAB02B3 - Invalid signature!
    [loaded]    com.apple.mdworker.32bit.01000000-0000-0000-0000-000000000000 - Invalid signature!
    [loaded]    com.apple.mdworker.lsb.01000000-0000-0000-0000-000000000000 - Invalid signature!
    [loaded]    com.apple.mdworker.shared.01000000-0000-0000-0000-000000000000 - Invalid signature!
    [running]    com.apple.mdworker.shared.02000000-0000-0000-0000-000000000000 - Invalid signature!
    [loaded]    com.apple.mdworker.shared.03000000-0000-0000-0000-000000000000 - Invalid signature!
    [loaded]    com.apple.mdworker.shared.04000000-0000-0000-0000-000000000000 - Invalid signature!
    [loaded]    com.apple.mdworker.single.08000000-0000-0000-0000-000000000000 - Invalid signature!
    [loaded]    com.apple.qtkitserver - Invalid signature!
    [loaded]    com.apple.qtkittrustedmoviesservice - Invalid signature!
    [loaded]    com.apple.security.XPCKeychainSandboxCheck - Invalid signature!
    [loaded]    com.apple.security.XPCTimeStampingService - Invalid signature!
    [loaded]    com.apple.security.pboxd - Invalid signature!
    [loaded]    com.apple.speech.synthesis.activityd - Invalid signature!
    [running]    com.apple.xpcd.CA000000-0000-0000-0000-000000000000 - Invalid signature!
    [running]    com.apple.xpcd.F5010000-0000-0000-0000-000000000000 - Invalid signature!
    [running]    com.apple.xpcd.F6010000-0000-0000-0000-000000000000 - Invalid signature!
    [running]    com.github.norio-nomura.SIMBL-Agent
    [running]    com.parallels.vm.prl_naptd

Internet Plug-ins: (What does this mean?)
    Unity Web Player: Version: UnityPlayer version 4.5.5f1 - SDK 10.6 [Click for support]
    AdobeExManDetect: Version: AdobeExManDetect 1.1.0.0 - SDK 10.7 [Click for support]
    Flip4Mac WMV Plugin: Version: 2.4.4.2 [Click for support]
    WacomTabletPlugin: Version: WacomTabletPlugin 2.1.0.6 - SDK 10.9 [Click for support]
    AdobeAAMDetect: Version: 3.0.0.0 - SDK 10.9 [Click for support]
    FlashPlayer-10.6: Version: 19.0.0.226 - SDK 10.6 [Click for support]
    AdobePDFViewerNPAPI: Version: 11.0.0 - SDK 10.6 [Click for support]
    Flash Player: Version: 19.0.0.226 - SDK 10.6 [Click for support]
    QuickTime Plugin: Version: 7.7.1
    PepperFlashPlayer: Version: 18.0.0.232 - SDK 10.6 [Click for support]
    SharePointBrowserPlugin: Version: 14.5.5 - SDK 10.6 [Click for support]
    AdobePDFViewer: Version: 11.0.0 - SDK 10.6 [Click for support]
    JavaAppletPlugin: Version: 14.9.0 - SDK 10.7 Check version

3rd Party Preference Panes: (What does this mean?)
    Flash Player  [Click for support]
    Flip4Mac WMV  [Click for support]
    Microsoft Mouse  [Click for support]
    SneakPeek Pro  [Click for support]
    TimeMachineScheduler  [Click for support]
    WacomTablet  [Click for support]

Time Machine: (What does this mean?)
    Skip System Files: NO
    Mobile backups: ON
    Auto backup: YES
    Volumes being backed up:
        Macintosh_SSD: Disk size: 255.20 GB Disk used: 229.00 GB
    Destinations:
        TimeCapsule [Network] 
        Total size: 997.71 GB 
        Total number of backups: 27 
        Oldest backup: 14.02.15 15:36 
        Last backup: 29.10.15 22:20 
        Size of backup disk: Excellent
            Backup size 997.71 GB > (Disk size 255.20 GB X 3)

        backup_office [Local] 
        Total size: 999.86 GB 
        Total number of backups: 14 
        Oldest backup: 11.03.15 16:50 
        Last backup: 29.10.15 23:16 
        Size of backup disk: Excellent
            Backup size 999.86 GB > (Disk size 255.20 GB X 3)

Top Processes by CPU: (What does this mean?)
        13%    firefox
         5%    WindowServer
         4%    thunderbird
         3%    fontd(2)
         3%    UserNotificationCenter

Top Processes by Memory: (What does this mean?)
    549 MB    thunderbird
    541 MB    firefox
    311 MB    mds
    188 MB    Finder(2)
    131 MB    WindowServer

Virtual Memory Information: (What does this mean?)
    2.45 GB    Free RAM 
    5.55 GB    Used RAM 
    123 MB    Swap Used 

Diagnostics Information: (What does this mean?)
    Nov 1, 2015, 06:21:38 PM    /Library/Logs/DiagnosticReports/WacomTabletDriver_2015-11-01-182138_[redacted].crash
         
__________________

01.11.2015, 23:40   #4
Dante12
/// Mac Expert
 

Nothing points to an infection.

First, a question: are you a developer, and do you write programs with Xcode? If not, you have no way of checking which apps are infected with XcodeGhost. The apps are already checked in the App Store; at most you can check the versions (if any of the apps shown in the link below are present on your machine).

The list of affected apps and what you should do

Step 1

Check the following connections (with LittleSnitch this should not be a problem).

Connections associated with XCodeGhost (URL):

Quote:
hxxp://init.icloud-analysis.com
Addresses associated with XCodeGhost (as a rule, the URL is no longer resolved)

Quote:
AMAZON-AES - Amazon.com, Inc.,US - addresses:
52.2.85.22
52.4.74.88
52.6.167.64

AMAZON-02 - Amazon.com, Inc.,US
52.68.131.221

AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC,US
104.238.125.92
Open your Terminal and enter the following:
Code:
sudo lsof -i

Enter your password, then copy the output and paste it here.
In the next run, let the output run for about 30 lines and stop it with CTRL + C.
Code:
sudo tcpdump -i en0

Copy the output and paste it here as well.
Please do the same with the following run:
Code:
sudo tcpdump -i en1

__________________
-----------------
-Regards, dante12
-----------------
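
The check described in the post above, as an added example that is not part of dante12's post: a Python filter that reads `lsof -i` output and flags sockets whose remote end matches the quoted XcodeGhost domain or addresses. Because `lsof` prints reverse-DNS names unless run with `-n`, it also decodes EC2 host names of the form `ec2-A-B-C-D...` back to an IP before comparing. The function names, the file name `check_lsof.py` and the `ExampleAp` sample lines are constructed for illustration; the first two sample lines are taken from the output posted in this thread.

```python
import re
import sys

# Indicators quoted in the post above (the URL is de-fanged there as hxxp://).
INDICATOR_DOMAINS = {"init.icloud-analysis.com"}
INDICATOR_IPS = {
    "52.2.85.22", "52.4.74.88", "52.6.167.64",   # AMAZON-AES
    "52.68.131.221",                             # AMAZON-02
    "104.238.125.92",                            # GoDaddy
}

# Without -n, lsof prints reverse-DNS names, so an EC2 address shows up as
# ec2-52-2-85-22.compute-1.amazonaws.com. Recover the dotted quad from it.
EC2_NAME = re.compile(r"^ec2-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.")

# Constructed sample: lines 2-3 come from the thread, the ExampleAp lines are made up.
SAMPLE = """\
COMMAND     PID       USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
apsd        360       root   10u  IPv4 0xec68690359e3e447      0t0  TCP 10.0.1.9:52111->17.110.228.79:5223 (ESTABLISHED)
Dropbox     431  username2   59u  IPv4 0xec68690362436447      0t0  TCP 10.0.1.9:51215->ec2-52-4-211-236.compute-1.amazonaws.com:https (CLOSE_WAIT)
ExampleAp   777  username2   12u  IPv4 0x0000000000000001      0t0  TCP 10.0.1.9:50001->ec2-52-2-85-22.compute-1.amazonaws.com:http (ESTABLISHED)
ExampleAp   777  username2   13u  IPv4 0x0000000000000002      0t0  TCP 10.0.1.9:50002->104.238.125.92:80 (SYN_SENT)
ExampleAp   777  username2   14u  IPv4 0x0000000000000003      0t0  TCP 10.0.1.9:50003->init.icloud-analysis.com:http (ESTABLISHED)
"""


def remote_host(name_field):
    """Remote host from an lsof NAME column, or None if the socket has no peer."""
    if "->" not in name_field:
        return None                      # listener or unconnected UDP socket
    remote = name_field.split("->", 1)[1].split()[0]   # drop " (STATE)"
    if remote.startswith("["):           # IPv6 literal: [addr]:port
        return remote[1:remote.index("]")].lower()
    return remote.rsplit(":", 1)[0].lower().rstrip(".")


def match_indicator(host):
    """Return the indicator that host matches, or None."""
    if host in INDICATOR_IPS:
        return host
    m = EC2_NAME.match(host)
    if m and ".".join(m.groups()) in INDICATOR_IPS:
        return ".".join(m.groups())
    for domain in INDICATOR_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def scan(lines):
    """Return (command, pid, remote host, indicator) for every matching socket."""
    hits = []
    for line in lines:
        fields = line.split(None, 8)     # NAME is the 9th column and may contain a space
        if len(fields) < 9 or not fields[1].isdigit():
            continue                     # header or truncated line
        host = remote_host(fields[8])
        indicator = match_indicator(host) if host else None
        if indicator:
            hits.append((fields[0], int(fields[1]), host, indicator))
    return hits


if __name__ == "__main__":
    # Usage: sudo lsof -i -n -P | python3 check_lsof.py
    # Run with no pipe to see the result for the constructed SAMPLE.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for command, pid, host, indicator in scan(source):
        print(f"{command} (pid {pid}) -> {host} matches {indicator}")
```

An empty result only covers sockets open at the moment `lsof` ran; the `tcpdump` runs requested above cover connections made over a period of time.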

02.11.2015, 21:20   #5
D-O-M
 
as requested



without knowing exactly what I'm doing here ... ;-)

Entering sudo lsof -i produced this result:

Code:
COMMAND     PID              USER   FD   TYPE             DEVICE SIZE/OFF   NODE NAME
launchd       1              root   20u  IPv4 0xec6869035982c5a7      0t0    UDP *:netbios-ns
launchd       1              root   21u  IPv4 0xec6869035982c407      0t0    UDP *:netbios-dgm
launchd       1              root   28u  IPv6 0xec6869035b1b8527      0t0    TCP localhost:ipp (LISTEN)
launchd       1              root   29u  IPv4 0xec6869035b1ba447      0t0    TCP localhost:ipp (LISTEN)
UserEvent    11              root  161u  IPv4 0xec6869035982ad47      0t0    UDP *:*
configd      17              root   11u  IPv6 0xec6869035982c267      0t0    UDP *:*
configd      17              root   19u  IPv4 0xec6869035982bbe7      0t0    UDP *:*
configd      17              root   23u  IPv4 0xec6869035982a1e7      0t0    UDP *:*
configd      17              root   25u  IPv4 0xec6869035982a047      0t0    UDP *:*
configd      17              root   27u  IPv4 0xec68690359829ea7      0t0    UDP *:*
configd      17              root   34u  IPv6 0xec6869035d35b5a7      0t0 ICMPV6 *:*
ntpd         41              root   20u  IPv4 0xec6869035982aee7      0t0    UDP *:ntp
ntpd         41              root   21u  IPv6 0xec6869035bc9f227      0t0    UDP *:ntp
ntpd         41              root   22u  IPv6 0xec6869035bcc7d87      0t0    UDP localhost:ntp
ntpd         41              root   23u  IPv4 0xec6869035bcc7be7      0t0    UDP localhost:ntp
ntpd         41              root   24u  IPv6 0xec6869035bcc7a47      0t0    UDP localhost:ntp
ntpd         41              root   25u  IPv6 0xec6869035bcc4cc7      0t0    UDP moonbase.local:ntp
ntpd         41              root   26u  IPv4 0xec6869035bcc7227      0t0    UDP 10.0.1.9:ntp
ntpd         41              root   29u  IPv4 0xec6869035982b567      0t0    UDP 10.211.55.2:ntp
ntpd         41              root   30u  IPv4 0xec6869035982b227      0t0    UDP 10.37.129.2:ntp
netbiosd     57          _netbios    3u  IPv4 0xec6869035982c407      0t0    UDP *:netbios-dgm
netbiosd     57          _netbios    4u  IPv4 0xec6869035982c5a7      0t0    UDP *:netbios-ns
mtmfs        58              root    4u  IPv4 0xec6869035d364447      0t0    TCP localhost:49152 (LISTEN)
mtmfs        58              root    6u  IPv4 0xec6869035d363cf7      0t0    TCP localhost:49153 (LISTEN)
mtmfs        58              root    7u  IPv4 0xec6869035ec85447      0t0    TCP localhost:49153->localhost:1023 (ESTABLISHED)
mDNSRespo    61    _mdnsresponder    8u  IPv4 0xec6869035982ba47      0t0    UDP *:mdns
mDNSRespo    61    _mdnsresponder    9u  IPv6 0xec6869035982b8a7      0t0    UDP *:mdns
mDNSRespo    61    _mdnsresponder   29u  IPv4 0xec6869035bc9fa47      0t0    UDP *:62618
mDNSRespo    61    _mdnsresponder   30u  IPv6 0xec686903696cc707      0t0    UDP *:62618
mDNSRespo    61    _mdnsresponder   35u  IPv4 0xec6869035bcc80c7      0t0    UDP *:65433
mDNSRespo    61    _mdnsresponder   36u  IPv6 0xec6869035bc9cb27      0t0    UDP *:65433
mDNSRespo    61    _mdnsresponder   37u  IPv4 0xec6869035bcc54e7      0t0    UDP *:60331
mDNSRespo    61    _mdnsresponder   38u  IPv6 0xec6869035bc9f567      0t0    UDP *:60331
mDNSRespo    61    _mdnsresponder   39u  IPv4 0xec68690359828e67      0t0    UDP *:59756
mDNSRespo    61    _mdnsresponder   40u  IPv6 0xec686903696cc3c7      0t0    UDP *:59756
mDNSRespo    61    _mdnsresponder   41u  IPv4 0xec6869035bcc8407      0t0    UDP *:64374
mDNSRespo    61    _mdnsresponder   42u  IPv6 0xec6869035bcc7f27      0t0    UDP *:64374
mDNSRespo    61    _mdnsresponder   44u  IPv4 0xec68690369ab7be7      0t0    UDP *:49663
mDNSRespo    61    _mdnsresponder   45u  IPv6 0xec68690359828cc7      0t0    UDP *:49663
mDNSRespo    61    _mdnsresponder   46u  IPv4 0xec6869035bc9ce67      0t0    UDP *:63266
mDNSRespo    61    _mdnsresponder   47u  IPv6 0xec686903696c9b27      0t0    UDP *:63266
mDNSRespo    61    _mdnsresponder   48u  IPv4 0xec686903598299c7      0t0    UDP *:59968
mDNSRespo    61    _mdnsresponder   49u  IPv6 0xec686903696ccf27      0t0    UDP *:59968
mDNSRespo    61    _mdnsresponder   50u  IPv4 0xec6869035bca0407      0t0    UDP *:55698
mDNSRespo    61    _mdnsresponder   51u  IPv6 0xec686903696cca47      0t0    UDP *:55698
mDNSRespo    61    _mdnsresponder   52u  IPv4 0xec6869035bc9ccc7      0t0    UDP *:64789
mDNSRespo    61    _mdnsresponder   53u  IPv6 0xec6869035bcc6a07      0t0    UDP *:64789
mDNSRespo    61    _mdnsresponder   54u  IPv4 0xec68690366799407      0t0    UDP *:56038
mDNSRespo    61    _mdnsresponder   55u  IPv6 0xec6869035bcc66c7      0t0    UDP *:56038
mDNSRespo    61    _mdnsresponder   56u  IPv4 0xec68690359829347      0t0    UDP *:56423
mDNSRespo    61    _mdnsresponder   57u  IPv6 0xec6869035bcc4987      0t0    UDP *:56423
mDNSRespo    61    _mdnsresponder   58u  IPv4 0xec686903667990c7      0t0    UDP *:54460
mDNSRespo    61    _mdnsresponder   59u  IPv6 0xec6869035bc9f8a7      0t0    UDP *:54460
mDNSRespo    61    _mdnsresponder   60u  IPv4 0xec6869035bc9ed47      0t0    UDP *:56331
mDNSRespo    61    _mdnsresponder   62u  IPv6 0xec68690369ab78a7      0t0    UDP *:56331
mDNSRespo    61    _mdnsresponder   63u  IPv4 0xec6869035bc9f707      0t0    UDP *:53107
mDNSRespo    61    _mdnsresponder   64u  IPv6 0xec6869035bc9fbe7      0t0    UDP *:53107
mDNSRespo    61    _mdnsresponder   65u  IPv4 0xec6869035982aa07      0t0    UDP *:60754
mDNSRespo    61    _mdnsresponder   66u  IPv6 0xec6869035d12b387      0t0    UDP *:60754
mDNSRespo    61    _mdnsresponder   67u  IPv4 0xec6869035d12ab67      0t0    UDP *:49958
mDNSRespo    61    _mdnsresponder   68u  IPv6 0xec686903696c97e7      0t0    UDP *:49958
mDNSRespo    61    _mdnsresponder   69u  IPv4 0xec68690369ab7a47      0t0    UDP *:64574
mDNSRespo    61    _mdnsresponder   70u  IPv6 0xec6869035d12aea7      0t0    UDP *:64574
mDNSRespo    61    _mdnsresponder   74u  IPv4 0xec6869035bcc59c7      0t0    UDP *:61797
mDNSRespo    61    _mdnsresponder   75u  IPv6 0xec68690359829007      0t0    UDP *:61797
mDNSRespo    61    _mdnsresponder   78u  IPv4 0xec6869035bcc6387      0t0    UDP *:58676
mDNSRespo    61    _mdnsresponder   79u  IPv4 0xec6869035982a527      0t0    UDP *:64522
mDNSRespo    61    _mdnsresponder   80u  IPv6 0xec6869035bcc5b67      0t0    UDP *:64522
mDNSRespo    61    _mdnsresponder   82u  IPv4 0xec6869035bcc6527      0t0    UDP *:56062
mDNSRespo    61    _mdnsresponder   83u  IPv6 0xec6869035bc9dd07      0t0    UDP *:56062
mDNSRespo    61    _mdnsresponder   84u  IPv6 0xec68690369ab80c7      0t0    UDP *:58676
mDNSRespo    61    _mdnsresponder   85u  IPv4 0xec6869035d12b527      0t0    UDP *:59946
mDNSRespo    61    _mdnsresponder   86u  IPv4 0xec6869035982b3c7      0t0    UDP *:58145
mDNSRespo    61    _mdnsresponder   97u  IPv6 0xec686903598291a7      0t0    UDP *:58145
mDNSRespo    61    _mdnsresponder   99u  IPv4 0xec68690366798a47      0t0    UDP *:52989
mDNSRespo    61    _mdnsresponder  100u  IPv6 0xec6869035bc9d1a7      0t0    UDP *:52989
mDNSRespo    61    _mdnsresponder  101u  IPv6 0xec686903696cbd47      0t0    UDP *:59946
mDNSRespo    61    _mdnsresponder  102u  IPv4 0xec6869035bc9e047      0t0    UDP *:58015
mDNSRespo    61    _mdnsresponder  103u  IPv6 0xec6869035bcc7707      0t0    UDP *:58015
xrdd         81              root    4u  IPv4 0xec6869035b1b9cf7      0t0    TCP *:apc-5454 (LISTEN)
xrdd         81              root   11u  IPv4 0xec6869035d48e447      0t0    TCP localhost:49154->localhost:apc-5454 (ESTABLISHED)
xrdd         81              root   12u  IPv4 0xec6869035d48dcf7      0t0    TCP localhost:apc-5454->localhost:49154 (ESTABLISHED)
UserEvent   330          username2    5u  IPv4 0xec6869035bcc6ba7      0t0    UDP *:*
apsd        360              root   10u  IPv4 0xec68690359e3e447      0t0    TCP 10.0.1.9:52111->17.110.228.79:5223 (ESTABLISHED)
SystemUIS   362          username2    6u  IPv4 0xec6869035bc9dea7      0t0    UDP *:*
NetworkBr   375          username2    5u  IPv4 0xec6869035982a6c7      0t0    UDP *:*
2BUA8C4S2   399          username2   16u  IPv4 0xec686903623f3cf7      0t0    TCP localhost:10191 (LISTEN)
2BUA8C4S2   399          username2   17u  IPv6 0xec686903623f5527      0t0    TCP localhost:10191 (LISTEN)
2BUA8C4S2   399          username2   18u  IPv4 0xec68690359a0ecf7      0t0    TCP localhost:6263 (LISTEN)
2BUA8C4S2   399          username2   19u  IPv6 0xec686903623f5147      0t0    TCP localhost:6263 (LISTEN)
1Password   419          username2    5u  IPv4 0xec68690365b9fcf7      0t0    TCP localhost:6258 (LISTEN)
1Password   419          username2    6u  IPv6 0xec6869035b1b8147      0t0    TCP localhost:6258 (LISTEN)
Dropbox     431          username2   15u  IPv4 0xec68690363af1cf7      0t0    TCP 192.168.2.101:49207->client.v.dropbox.com:https (CLOSE_WAIT)
Dropbox     431          username2   29u  IPv4 0xec6869035bcc5347      0t0    UDP *:17500
Dropbox     431          username2   34u  IPv4 0xec68690365bb3447      0t0    TCP 192.168.2.101:49215->server-54-192-47-49.fra6.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   35u  IPv4 0xec68690365bb2cf7      0t0    TCP 192.168.2.101:49216->server-54-192-47-49.fra6.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   39u  IPv4 0xec68690365c2e447      0t0    TCP localhost:26165 (LISTEN)
Dropbox     431          username2   40u  IPv4 0xec68690361e8e447      0t0    TCP 10.0.1.9:52091->snt-re4-6a.sjc.dropbox.com:https (ESTABLISHED)
Dropbox     431          username2   45u  IPv4 0xec6869036131ccf7      0t0    TCP 192.168.2.101:49226->d.v.dropbox.com:https (CLOSE_WAIT)
Dropbox     431          username2   47u  IPv4 0xec6869036f049cf7      0t0    TCP 10.0.1.9:51198->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   48u  IPv4 0xec68690361e8dcf7      0t0    TCP localhost:17600 (LISTEN)
Dropbox     431          username2   49u  IPv4 0xec68690365b43447      0t0    TCP *:17500 (LISTEN)
Dropbox     431          username2   52u  IPv4 0xec68690365de9cf7      0t0    TCP localhost:17603 (LISTEN)
Dropbox     431          username2   53u  IPv4 0xec68690366b47cf7      0t0    TCP 10.0.1.9:51199->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   54u  IPv4 0xec68690365c2dcf7      0t0    TCP 192.168.2.101:49272->ec2-54-83-196-114.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox     431          username2   55u  IPv4 0xec686903599efcf7      0t0    TCP 10.0.1.9:51305->ec2-54-164-136-234.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox     431          username2   56u  IPv4 0xec68690365dfecf7      0t0    TCP 10.0.1.9:51208->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   57u  IPv4 0xec68690369cc1cf7      0t0    TCP 192.168.2.101:49367->108.160.173.130:https (CLOSE_WAIT)
Dropbox     431          username2   58u  IPv4 0xec68690365dff447      0t0    TCP 10.0.1.9:51212->d.v.dropbox.com:https (CLOSED)
Dropbox     431          username2   59u  IPv4 0xec68690362436447      0t0    TCP 10.0.1.9:51215->ec2-52-4-211-236.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox     431          username2   60u  IPv4 0xec68690367500447      0t0    TCP 10.0.1.9:51217->45.58.74.33:https (CLOSE_WAIT)
Dropbox     431          username2   61u  IPv4 0xec6869036d710cf7      0t0    TCP 10.0.1.9:51491->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   62u  IPv4 0xec686903596afcf7      0t0    TCP 10.0.1.9:51497->45.58.74.33:https (CLOSE_WAIT)
Dropbox     431          username2   63u  IPv4 0xec686903606e4447      0t0    TCP 192.168.2.101:49714->server-54-192-47-212.fra6.r.cloudfront.net:https (ESTABLISHED)
Dropbox     431          username2   64u  IPv4 0xec6869035acf8447      0t0    TCP 10.0.1.9:51553->45.58.74.161:https (CLOSE_WAIT)
Dropbox     431          username2   65u  IPv4 0xec68690365b24cf7      0t0    TCP 10.0.1.9:51529->ec2-54-85-186-98.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox     431          username2   66u  IPv4 0xec686903674ffcf7      0t0    TCP 10.0.1.9:51552->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   67u  IPv4 0xec686903599f0447      0t0    TCP 10.0.1.9:51554->45.58.74.161:https (CLOSE_WAIT)
Dropbox     431          username2   68u  IPv4 0xec68690359f03447      0t0    TCP 10.0.1.9:51556->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   69u  IPv4 0xec686903674afcf7      0t0    TCP 192.168.2.101:58864->server-54-230-203-127.fra50.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   70u  IPv4 0xec68690369e86447      0t0    TCP 192.168.2.101:49826->d.v.dropbox.com:https (ESTABLISHED)
Dropbox     431          username2   71u  IPv4 0xec68690361d62447      0t0    TCP 10.0.1.9:54419->d.v.dropbox.com:https (CLOSED)
Dropbox     431          username2   72u  IPv4 0xec6869036f05f447      0t0    TCP 10.0.1.9:51567->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   73u  IPv4 0xec68690369da6447      0t0    TCP 10.0.1.9:51343->d.v.dropbox.com:https (CLOSED)
Dropbox     431          username2   74u  IPv4 0xec68690369db6cf7      0t0    TCP 10.0.1.9:52517->45.58.74.129:https (CLOSE_WAIT)
Dropbox     431          username2   75u  IPv4 0xec6869036131d447      0t0    TCP 10.0.1.9:51370->ec2-75-101-142-7.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox     431          username2   76u  IPv4 0xec6869035c898cf7      0t0    TCP 10.0.1.9:51396->server-54-230-203-127.fra50.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   77u  IPv4 0xec68690369cc2447      0t0    TCP 192.168.2.101:62075->d.v.dropbox.com:https (CLOSE_WAIT)
Dropbox     431          username2   78u  IPv4 0xec68690365dea447      0t0    TCP 192.168.2.101:59173->ec2-107-20-249-104.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox     431          username2   79u  IPv4 0xec68690363a6bcf7      0t0    TCP 10.0.1.9:54705->ec2-107-20-249-104.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox     431          username2   80u  IPv4 0xec68690362435cf7      0t0    TCP 10.0.1.9:54752->server-54-230-203-127.fra50.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   81u  IPv4 0xec68690361d8c447      0t0    TCP 192.168.2.101:59217->d.v.dropbox.com:https (CLOSE_WAIT)
Dropbox     431          username2   82u  IPv4 0xec6869036d717cf7      0t0    TCP 192.168.2.101:61227->server-54-230-203-127.fra50.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   83u  IPv4 0xec6869036f040cf7      0t0    TCP 10.0.1.9:51581->45.58.74.161:https (CLOSE_WAIT)
Dropbox     431          username2   84u  IPv4 0xec68690369db7447      0t0    TCP 192.168.2.101:55675->d.v.dropbox.com:https (CLOSE_WAIT)
Dropbox     431          username2   85u  IPv4 0xec68690361d16447      0t0    TCP 192.168.2.101:55715->ec2-107-20-173-188.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox     431          username2   86u  IPv4 0xec6869035c77ecf7      0t0    TCP 192.168.2.101:55734->server-54-192-47-212.fra6.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   87u  IPv4 0xec6869036ec40cf7      0t0    TCP 10.0.1.9:50929->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   88u  IPv4 0xec68690363af2447      0t0    TCP 10.0.1.9:49627->d.v.dropbox.com:https (CLOSED)
Dropbox     431          username2   89u  IPv4 0xec6869035f139447      0t0    TCP 192.168.2.101:62270->ec2-75-101-155-223.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox     431          username2   90u  IPv4 0xec68690363a6c447      0t0    TCP 10.0.1.9:51572->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   91u  IPv4 0xec6869035a1cdcf7      0t0    TCP 10.0.1.9:51612->ec2-52-2-162-113.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox     431          username2   92u  IPv4 0xec686903674b0447      0t0    TCP 10.0.1.9:50947->ec2-52-3-177-7.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox     431          username2   93u  IPv4 0xec68690367e95447      0t0    TCP 10.0.1.9:51662->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   94u  IPv4 0xec6869035a1dfcf7      0t0    TCP 10.0.1.9:51663->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   95u  IPv4 0xec68690369da5cf7      0t0    TCP 10.0.1.9:51684->ec2-52-21-179-203.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox     431          username2   96u  IPv4 0xec6869035b55fcf7      0t0    TCP 10.0.1.9:52019->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   97u  IPv4 0xec68690359e77447      0t0    TCP 10.0.1.9:52145->ec2-107-23-52-105.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox     431          username2   98u  IPv4 0xec686903623f6447      0t0    TCP 10.0.1.9:52164->server-54-230-94-125.fra2.r.cloudfront.net:https (CLOSE_WAIT)
Dropbox     431          username2   99u  IPv4 0xec6869035c5c7447      0t0    TCP 10.0.1.9:52218->ec2-52-4-109-5.compute-1.amazonaws.com:https (CLOSE_WAIT)
Dropbox     431          username2  100u  IPv4 0xec68690359a0f447      0t0    TCP 10.0.1.9:52223->d.v.dropbox.com:https (CLOSED)
Copy        433          username2   24u  IPv4 0xec68690365b25447      0t0    TCP *:8445 (LISTEN)
Copy        433          username2   25u  IPv4 0xec6869035bcc6d47      0t0    UDP *:8445
Copy        433          username2   30u  IPv4 0xec6869035f633447      0t0    TCP 10.0.1.9:52383->barracuda.com:https (ESTABLISHED)
blued      3189              root    4u  IPv4 0xec6869035982bd87      0t0    UDP *:*
thunderbi  6093          username2   17u  IPv4 0xec6869035acf7cf7      0t0    TCP localhost:6000 (LISTEN)
thunderbi  6093          username2   22u  IPv4 0xec6869036f05ecf7      0t0    TCP 10.0.1.9:52121->134.119.18.26:imaps (ESTABLISHED)
thunderbi  6093          username2   28u  IPv4 0xec6869036d711447      0t0    TCP 10.0.1.9:52124->134.119.18.26:imaps (ESTABLISHED)
thunderbi  6093          username2   30u  IPv4 0xec6869035fa09cf7      0t0    TCP 10.0.1.9:52131->wk-in-f16.1e100.net:imaps (ESTABLISHED)
thunderbi  6093          username2   33u  IPv4 0xec68690361d15cf7      0t0    TCP 10.0.1.9:52221->imap.gmx.net:imaps (ESTABLISHED)
thunderbi  6093          username2   40u  IPv4 0xec6869036e6e3447      0t0    TCP 10.0.1.9:52157->dd2209876.kasserver.com:imaps (ESTABLISHED)
thunderbi  6093          username2   41u  IPv4 0xec68690359e42447      0t0    TCP 10.0.1.9:52153->134.119.18.26:imaps (ESTABLISHED)
thunderbi  6093          username2   45u  IPv4 0xec6869036f04a447      0t0    TCP 10.0.1.9:52129->134.119.18.26:imaps (ESTABLISHED)
thunderbi  6093          username2   49u  IPv4 0xec6869035ec84cf7      0t0    TCP 10.0.1.9:52130->imap.web.de:imaps (ESTABLISHED)
thunderbi  6093          username2   51u  IPv4 0xec68690359e3dcf7      0t0    TCP 10.0.1.9:52158->wl-in-f16.1e100.net:imaps (ESTABLISHED)
thunderbi  6093          username2   53u  IPv4 0xec6869035c5c6cf7      0t0    TCP 10.0.1.9:52135->dd2209876.kasserver.com:imaps (ESTABLISHED)
thunderbi  6093          username2   56u  IPv4 0xec6869036f025447      0t0    TCP 10.0.1.9:52132->imap.gmx.net:imaps (ESTABLISHED)
thunderbi  6093          username2   60u  IPv4 0xec6869036f018447      0t0    TCP 10.0.1.9:52133->imap5a.mail.vip.ir2.yahoo.com:imaps (CLOSE_WAIT)
thunderbi  6093          username2   61u  IPv4 0xec686903606e3cf7      0t0    TCP 10.0.1.9:52159->wl-in-f16.1e100.net:imaps (ESTABLISHED)
thunderbi  6093          username2   63u  IPv4 0xec6869036e6e2cf7      0t0    TCP 10.0.1.9:52134->email03.t-online.de:imaps (ESTABLISHED)
thunderbi  6093          username2   70u  IPv4 0xec68690369e85cf7      0t0    TCP 10.0.1.9:52150->134.119.18.26:imaps (ESTABLISHED)
thunderbi  6093          username2   71u  IPv4 0xec6869036d718447      0t0    TCP 10.0.1.9:52136->dd2209876.kasserver.com:imap (ESTABLISHED)
thunderbi  6093          username2   72u  IPv4 0xec6869036f041447      0t0    TCP 10.0.1.9:52146->imap.gmx.net:imaps (ESTABLISHED)
thunderbi  6093          username2   75u  IPv4 0xec686903623f5cf7      0t0    TCP 10.0.1.9:52142->imap.gmx.net:imaps (ESTABLISHED)
thunderbi  6093          username2   76u  IPv4 0xec68690359f02cf7      0t0    TCP 10.0.1.9:52154->dd2209876.kasserver.com:imap (ESTABLISHED)
thunderbi  6093          username2   77u  IPv4 0xec68690361d61cf7      0t0    TCP 10.0.1.9:52151->134.119.18.26:imaps (ESTABLISHED)
thunderbi  6093          username2   90u  IPv4 0xec686903613d3447      0t0    TCP 10.0.1.9:52160->wl-in-f16.1e100.net:imaps (ESTABLISHED)
thunderbi  6093          username2  102u  IPv4 0xec68690359e39cf7      0t0    TCP 10.0.1.9:52152->imap.web.de:imaps (CLOSE_WAIT)
thunderbi  6093          username2  105u  IPv4 0xec686903596b0447      0t0    TCP 10.0.1.9:52161->wl-in-f16.1e100.net:imaps (ESTABLISHED)
thunderbi  6093          username2  107u  IPv4 0xec6869035c899447      0t0    TCP 10.0.1.9:52162->email00.t-online.de:imaps (ESTABLISHED)
thunderbi  6093          username2  109u  IPv4 0xec6869036f017cf7      0t0    TCP 10.0.1.9:52163->imap11.mail.vip.ir2.yahoo.com:imaps (CLOSE_WAIT)
thunderbi  6093          username2  110u  IPv4 0xec68690361f7f447      0t0    TCP 10.0.1.9:52219->134.119.18.26:imaps (ESTABLISHED)
firefox   11403          username2   47u  IPv4 0xec686903623f4447      0t0    TCP 10.0.1.9:49493->fra02s27-in-f1.1e100.net:http (CLOSED)
firefox   11403          username2   49u  IPv4 0xec68690367e94cf7      0t0    TCP 10.0.1.9:49476->fra02s27-in-f14.1e100.net:http (CLOSED)
firefox   11403          username2   51u  IPv4 0xec68690361790cf7      0t0    TCP 10.0.1.9:49394->muc03s13-in-f10.1e100.net:https (CLOSE_WAIT)
firefox   11403          username2   52u  IPv4 0xec6869035c598447      0t0    TCP 10.0.1.9:49404->74.125.162.244:https (CLOSED)
firefox   11403          username2   62u  IPv4 0xec6869035e942447      0t0    TCP 10.0.1.9:52410->ber01s09-in-f3.1e100.net:https (ESTABLISHED)
firefox   11403          username2   66u  IPv4 0xec68690359e41cf7      0t0    TCP 10.0.1.9:49346->fra02s17-in-f14.1e100.net:https (CLOSE_WAIT)
firefox   11403          username2   67u  IPv4 0xec6869035a1e0447      0t0    TCP 10.0.1.9:49399->fra02s18-in-f9.1e100.net:https (CLOSE_WAIT)
firefox   11403          username2   75u  IPv4 0xec68690367554cf7      0t0    TCP 10.0.1.9:49494->fra02s27-in-f17.1e100.net:https (CLOSE_WAIT)
firefox   11403          username2   89u  IPv4 0xec68690359721447      0t0    TCP 10.0.1.9:52411->fra07s28-in-f14.1e100.net:https (ESTABLISHED)
locationd 12011        _locationd    4u  IPv4 0xec6869035d12b047      0t0    UDP *:*
UserEvent 12018 	root    4u  IPv4 0xec686903696cd267      0t0    UDP *:*
SystemUIS 12031 	root    7u  IPv4 0xec6869035982a387      0t0    UDP *:*
NetworkBr 12081 	root    5u  IPv4 0xec6869035bc9d4e7      0t0    UDP *:*
master    13609              root   13u  IPv4 0xec68690365b42cf7      0t0    TCP localhost:smtp (LISTEN)
master    13609              root   14u  IPv6 0xec6869035f31ad67      0t0    TCP localhost:smtp (LISTEN)
master    13609              root   26u  IPv4 0xec6869035e0d8cf7      0t0    TCP localhost:submission (LISTEN)
master    13609              root   27u  IPv6 0xec6869035f31b527      0t0    TCP localhost:submission (LISTEN)
         
++++

Input of sudo tcpdump -i en1 -v

(sudo tcpdump -i en0 did not work, since my machine is currently not connected via Ethernet.)

Output:

Code:
tcpdump: listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes
21:13:53.052723 IP (tos 0x0, ttl 255, id 49382, offset 0, flags [none], proto UDP (17), length 71)
    10.0.1.9.64522 > 10.0.1.1.domain: 48526+ A? e3191.dscc.akamaiedge.net. (43)
21:13:53.052929 IP (tos 0x0, ttl 255, id 18333, offset 0, flags [none], proto UDP (17), length 64)
    10.0.1.9.52989 > 10.0.1.1.domain: 4423+ A? www.wip4.adobe.com. (36)
21:13:53.055951 IP (tos 0x0, ttl 54, id 8505, offset 0, flags [none], proto TCP (6), length 52)
    imap.gmx.net.imaps > 10.0.1.9.52221: Flags [.], cksum 0x7c52 (correct), ack 2323796273, win 61, options [nop,nop,TS val 1477583104 ecr 894829964], length 0
21:13:53.056029 IP (tos 0x0, ttl 64, id 64495, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52221 > imap.gmx.net.imaps: Flags [.], cksum 0x7f47 (correct), ack 1, win 8192, options [nop,nop,TS val 895009479 ecr 1477132560], length 0
21:13:53.070448 IP (tos 0x0, ttl 64, id 4603, offset 0, flags [none], proto UDP (17), length 87)
    10.0.1.1.domain > 10.0.1.9.64522: 48526 1/0/0 e3191.dscc.akamaiedge.net. A 104.84.226.99 (59)
21:13:53.075018 IP (tos 0x0, ttl 64, id 4604, offset 0, flags [none], proto UDP (17), length 80)
    10.0.1.1.domain > 10.0.1.9.52989: 4423 1/0/0 www.wip4.adobe.com. A 193.104.215.61 (52)
21:13:53.497392 IP (tos 0x0, ttl 55, id 13910, offset 0, flags [none], proto TCP (6), length 52)
    imap.gmx.net.imaps > 10.0.1.9.52146: Flags [.], cksum 0x5901 (correct), ack 2547054969, win 73, options [nop,nop,TS val 1474983680 ecr 894829963], length 0
21:13:53.497517 IP (tos 0x0, ttl 64, id 47600, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52146 > imap.gmx.net.imaps: Flags [.], cksum 0x5af8 (correct), ack 1, win 8192, options [nop,nop,TS val 895009920 ecr 1474532960], length 0
21:13:53.508258 IP (tos 0x0, ttl 255, id 34733, offset 0, flags [none], proto UDP (17), length 67)
    10.0.1.9.56288 > 10.0.1.1.domain: 64446+ PTR? 9.1.0.10.in-addr.arpa. (39)
21:13:53.510691 IP (tos 0x0, ttl 64, id 4607, offset 0, flags [none], proto UDP (17), length 67)
    10.0.1.1.domain > 10.0.1.9.56288: 64446 NXDomain* 0/0/0 (39)
21:13:53.511903 IP (tos 0x0, ttl 255, id 20966, offset 0, flags [none], proto UDP (17), length 67)
    10.0.1.9.61967 > 10.0.1.1.domain: 211+ PTR? 1.1.0.10.in-addr.arpa. (39)
21:13:53.514199 IP (tos 0x0, ttl 64, id 4610, offset 0, flags [none], proto UDP (17), length 67)
    10.0.1.1.domain > 10.0.1.9.61967: 211 NXDomain* 0/0/0 (39)
21:13:55.648078 IP (tos 0x0, ttl 44, id 10426, offset 0, flags [none], proto TCP (6), length 52)
    wk-in-f16.1e100.net.imaps > 10.0.1.9.52131: Flags [F.], cksum 0xbf69 (correct), seq 1655612367, ack 3435925088, win 341, options [nop,nop,TS val 554148140 ecr 892594640], length 0
21:13:55.648217 IP (tos 0x0, ttl 64, id 61627, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52131 > wk-in-f16.1e100.net.imaps: Flags [.], cksum 0xbd84 (correct), ack 1, win 8192, options [nop,nop,TS val 895012069 ecr 554148140], length 0
21:13:57.653990 IP (tos 0x0, ttl 64, id 52152, offset 0, flags [none], proto TCP (6), length 40)
    10.0.1.9.51497 > 45.58.74.33.https: Flags [R.], cksum 0x7eba (correct), seq 1772188646, ack 2879470244, win 8192, length 0
21:13:58.522908 IP (tos 0x0, ttl 255, id 11995, offset 0, flags [none], proto UDP (17), length 70)
    10.0.1.9.49285 > 10.0.1.1.domain: 10371+ PTR? 33.74.58.45.in-addr.arpa. (42)
21:13:58.526900 IP (tos 0x0, ttl 64, id 4614, offset 0, flags [none], proto UDP (17), length 70)
    10.0.1.1.domain > 10.0.1.9.49285: 10371 NXDomain* 0/0/0 (42)
21:14:00.094671 IP (tos 0x0, ttl 64, id 63902, offset 0, flags [none], proto TCP (6), length 52)
    10.0.1.9.51553 > 45.58.74.161.https: Flags [F.], cksum 0x4e43 (correct), seq 3012792720, ack 5924794, win 8192, options [nop,nop,TS val 895016511 ecr 1006943651], length 0
21:14:00.530116 IP (tos 0x0, ttl 255, id 49039, offset 0, flags [none], proto UDP (17), length 71)
    10.0.1.9.60468 > 10.0.1.1.domain: 19952+ PTR? 161.74.58.45.in-addr.arpa. (43)
21:14:00.534307 IP (tos 0x0, ttl 64, id 4615, offset 0, flags [none], proto UDP (17), length 71)
    10.0.1.1.domain > 10.0.1.9.60468: 19952 NXDomain* 0/0/0 (43)
21:14:01.177270 IP (tos 0x0, ttl 53, id 8244, offset 0, flags [none], proto TCP (6), length 98)
    134.119.18.26.imaps > 10.0.1.9.52151: Flags [P.], cksum 0xfac3 (correct), seq 1354204013:1354204059, ack 550831693, win 122, options [nop,nop,TS val 805226688 ecr 894898053], length 46
21:14:01.177366 IP (tos 0x0, ttl 64, id 54700, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [.], cksum 0xd78b (correct), ack 46, win 8189, options [nop,nop,TS val 895017589 ecr 805226688], length 0
21:14:01.181581 IP (tos 0x0, ttl 64, id 14492, offset 0, flags [DF], proto TCP (6), length 87)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [P.], cksum 0x51c1 (correct), seq 1:36, ack 46, win 8192, options [nop,nop,TS val 895017593 ecr 805226688], length 35
21:14:01.210140 IP (tos 0x0, ttl 53, id 13081, offset 0, flags [none], proto TCP (6), length 104)
    134.119.18.26.imaps > 10.0.1.9.52151: Flags [P.], cksum 0xf5da (correct), seq 46:98, ack 36, win 122, options [nop,nop,TS val 805226752 ecr 895017593], length 52
21:14:01.210236 IP (tos 0x0, ttl 64, id 45782, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [.], cksum 0xd6d5 (correct), ack 98, win 8188, options [nop,nop,TS val 895017621 ecr 805226752], length 0
21:14:01.211284 IP (tos 0x0, ttl 64, id 3221, offset 0, flags [DF], proto TCP (6), length 91)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [P.], cksum 0xd37b (correct), seq 36:75, ack 98, win 8192, options [nop,nop,TS val 895017622 ecr 805226752], length 39
21:14:01.240796 IP (tos 0x0, ttl 53, id 1509, offset 0, flags [none], proto TCP (6), length 105)
    134.119.18.26.imaps > 10.0.1.9.52151: Flags [P.], cksum 0x826a (correct), seq 98:151, ack 75, win 122, options [nop,nop,TS val 805226782 ecr 895017622], length 53
21:14:01.240910 IP (tos 0x0, ttl 64, id 47068, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [.], cksum 0xd63d (correct), ack 151, win 8188, options [nop,nop,TS val 895017651 ecr 805226782], length 0
21:14:01.241506 IP (tos 0x0, ttl 64, id 34189, offset 0, flags [DF], proto TCP (6), length 123)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [P.], cksum 0x16a8 (correct), seq 75:146, ack 151, win 8192, options [nop,nop,TS val 895017651 ecr 805226782], length 71
21:14:01.279413 IP (tos 0x0, ttl 53, id 14536, offset 0, flags [none], proto TCP (6), length 199)
    134.119.18.26.imaps > 10.0.1.9.52151: Flags [P.], cksum 0xc894 (correct), seq 151:298, ack 146, win 122, options [nop,nop,TS val 805226821 ecr 895017651], length 147
21:14:01.279530 IP (tos 0x0, ttl 64, id 5076, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [.], cksum 0xd51c (correct), ack 298, win 8182, options [nop,nop,TS val 895017689 ecr 805226821], length 0
21:14:01.280249 IP (tos 0x0, ttl 64, id 38067, offset 0, flags [DF], proto TCP (6), length 107)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [P.], cksum 0x4741 (correct), seq 146:201, ack 298, win 8192, options [nop,nop,TS val 895017689 ecr 805226821], length 55
21:14:01.318915 IP (tos 0x0, ttl 53, id 8385, offset 0, flags [none], proto TCP (6), length 148)
    134.119.18.26.imaps > 10.0.1.9.52151: Flags [P.], cksum 0x9930 (correct), seq 298:394, ack 201, win 122, options [nop,nop,TS val 805226861 ecr 895017689], length 96
21:14:01.319014 IP (tos 0x0, ttl 64, id 709, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [.], cksum 0xd433 (correct), ack 394, win 8186, options [nop,nop,TS val 895017727 ecr 805226861], length 0
21:14:01.324871 IP (tos 0x0, ttl 64, id 34456, offset 0, flags [DF], proto TCP (6), length 90)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [P.], cksum 0x819d (correct), seq 201:239, ack 394, win 8192, options [nop,nop,TS val 895017732 ecr 805226861], length 38
21:14:01.351365 IP (tos 0x0, ttl 53, id 14250, offset 0, flags [none], proto TCP (6), length 91)
    134.119.18.26.imaps > 10.0.1.9.52151: Flags [P.], cksum 0xd662 (correct), seq 394:433, ack 239, win 122, options [nop,nop,TS val 805226893 ecr 895017732], length 39
21:14:01.351458 IP (tos 0x0, ttl 64, id 29387, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52151 > 134.119.18.26.imaps: Flags [.], cksum 0xd3a4 (correct), ack 433, win 8189, options [nop,nop,TS val 895017758 ecr 805226893], length 0
21:14:01.541187 IP (tos 0x0, ttl 255, id 19414, offset 0, flags [none], proto UDP (17), length 72)
    10.0.1.9.59933 > 10.0.1.1.domain: 875+ PTR? 26.18.119.134.in-addr.arpa. (44)
21:14:01.544139 IP (tos 0x0, ttl 64, id 4616, offset 0, flags [none], proto UDP (17), length 72)
    10.0.1.1.domain > 10.0.1.9.59933: 875 NXDomain* 0/0/0 (44)
21:14:02.098994 IP (tos 0x0, ttl 53, id 32524, offset 0, flags [none], proto TCP (6), length 98)
    134.119.18.26.imaps > 10.0.1.9.52150: Flags [P.], cksum 0x48ad (correct), seq 3254153786:3254153832, ack 1293335775, win 122, options [nop,nop,TS val 805227404 ecr 894898762], length 46
21:14:02.099115 IP (tos 0x0, ttl 64, id 25498, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52150 > 134.119.18.26.imaps: Flags [.], cksum 0x8e50 (correct), ack 46, win 8189, options [nop,nop,TS val 895018501 ecr 805227404], length 0
         
Regarding step 1, checking URLs with Little Snitch:

I'm afraid it's not quite clear to me what I am supposed to do, where and how.
Could you perhaps explain that to me again in more detail?
I do have the program here, but how can I use it to check URL requests?

Thanks


02.11.2015, 22:53   #6
Dante12
/// Mac Expert

The first log shows all current connections, including the applications. The second one (tcpdump) is more or less the live mode: all active connections are displayed immediately.

You don't have to check any URLs etc. Using the IPs and URLs I wrote above, you only need to look in Little Snitch to see whether you find identical addresses there.

However, since your logs show no indications at all, you probably won't find anything there either. My guess (as in most such cases) is that the Telekom servers were hacked. That is a big problem, since neither Telekom nor the end user has been able to get this problem under control so far.


Step 2
  • If you haven't already done so, change your Wi-Fi key
  • As described by Telekom, change all passwords and logins
  • Sign out of all Apple services (iTunes, iCloud, iBooks, App Store etc.)
  • Visit the Apple ID page, log in and change the password and, if necessary, the security questions.
  • Afterwards you can sign in to the Apple services again with the new password.

Step 3

Cross-check with Malwarebytes

  • Please download MalwareBytes for Mac.
  • Open the DMG and move the app into the Applications folder.
  • Start the program and click Scan. Any malware found is moved to the Trash.
  • In Malwarebytes, go to the Scanner menu and then to Take System Snapshot. You only see the menu at the top of your screen when the application is active.
  • Copy the contents of the window and paste them here. If possible in code tags, see below
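The cross-check described in the post above, comparing the addresses in the logs against a list of known indicators, can also be run directly over saved `lsof -i` and `tcpdump -v` output. This is an added example, not part of the original thread; the indicator values, process names and sample lines are constructed placeholders, since the addresses from the earlier post are not reproduced here.

```python
import re

# Hypothetical indicator list (documentation-range placeholders, not the
# addresses named earlier in the thread).
INDICATOR_IPS = {"192.0.2.45", "203.0.113.7"}
INDICATOR_DOMAINS = {"indicator.example"}

# Constructed sample in the layout of `lsof -i` output (not the poster's log).
LSOF_SAMPLE = """\
COMMAND     PID   USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
Dropbox     431  user1   74u  IPv4 0xec68690369db6cf7      0t0  TCP 10.0.1.9:52517->d.v.dropbox.com:https (CLOSE_WAIT)
Copy        433  user1   24u  IPv4 0xec68690365b25447      0t0  TCP *:8445 (LISTEN)
blued      3189   root    4u  IPv4 0xec6869035982bd87      0t0  UDP *:*
helperd    7001  user1   12u  IPv4 0xec6869035f633447      0t0  TCP 10.0.1.9:52383->192.0.2.45:https (ESTABLISHED)
updater    7002  user1   13u  IPv4 0xec6869035f633448      0t0  TCP 10.0.1.9:52384->cdn.indicator.example:http (ESTABLISHED)
"""

# Constructed sample in the layout of `tcpdump -v` output (two lines per packet).
TCPDUMP_SAMPLE = """\
21:13:53.052929 IP (tos 0x0, ttl 255, id 18333, offset 0, flags [none], proto UDP (17), length 67)
    10.0.1.9.52989 > 10.0.1.1.domain: 4423+ A? www.indicator.example. (39)
21:13:53.075018 IP (tos 0x0, ttl 64, id 4604, offset 0, flags [none], proto UDP (17), length 83)
    10.0.1.1.domain > 10.0.1.9.52989: 4423 1/0/0 www.indicator.example. A 192.0.2.45 (55)
21:13:53.056029 IP (tos 0x0, ttl 64, id 64495, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.9.52221 > imap.gmx.net.imaps: Flags [.], cksum 0x7f47 (correct), ack 1, win 8192, length 0
21:13:57.653990 IP (tos 0x0, ttl 64, id 52152, offset 0, flags [none], proto TCP (6), length 40)
    10.0.1.9.51497 > 203.0.113.7.https: Flags [R.], cksum 0x7eba (correct), seq 1, ack 1, win 8192, length 0
"""

ENDPOINTS = re.compile(r"^\s+(\S+) > (\S+?):\s")          # "src.port > dst.port: ..."
DNS_QUESTION = re.compile(r"\b(?:A|AAAA|PTR)\? (\S+)")      # "A? name."
DNS_ANSWER = re.compile(r"\bA (\d{1,3}(?:\.\d{1,3}){3})\b")  # "name. A 1.2.3.4"


def matches_indicator(host):
    """True if host is a listed IP, a listed domain, or a subdomain of one."""
    host = host.strip("[]").rstrip(".").lower()
    if host in INDICATOR_IPS:
        return True
    return any(host == d or host.endswith("." + d) for d in INDICATOR_DOMAINS)


def scan_lsof(text):
    """Return (command, pid, remote_host, state) for connections to indicators."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        # NAME is the 9th column; header, listeners and unconnected UDP
        # sockets have no "local->remote" pair and are skipped.
        if len(fields) < 9 or "->" not in fields[8]:
            continue
        remote = fields[8].split("->", 1)[1]
        host = remote.rpartition(":")[0]          # drop ":port"
        if matches_indicator(host):
            state = fields[9].strip("()") if len(fields) > 9 else ""
            hits.append((fields[0], int(fields[1]), host, state))
    return hits


def scan_tcpdump(text):
    """Return sorted (kind, value) pairs for packets that touch an indicator."""
    hits = set()
    for line in text.splitlines():
        m = ENDPOINTS.match(line)
        if not m:
            continue                               # timestamp/header line
        for endpoint in m.groups():
            host = endpoint.rpartition(".")[0]    # tcpdump appends ".port"
            if matches_indicator(host):
                hits.add(("endpoint", host))
        for name in DNS_QUESTION.findall(line):
            if matches_indicator(name):
                hits.add(("dns-query", name.rstrip(".").lower()))
        for addr in DNS_ANSWER.findall(line):
            if matches_indicator(addr):
                hits.add(("dns-answer", addr))
    return sorted(hits)


if __name__ == "__main__":
    for hit in scan_lsof(LSOF_SAMPLE):
        print("lsof:", hit)
    for hit in scan_tcpdump(TCPDUMP_SAMPLE):
        print("tcpdump:", hit)
```

Capturing with `lsof -i -n -P` and `tcpdump -n` keeps addresses numeric, so an indicator IP is not hidden behind a reverse-DNS name such as the cloudfront.net entries in the log above.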

03.11.2015, 21:32   #7
D-O-M

Hello Dante,

I went through all the steps.

MalwareBytes found nothing.
The "Take Snapshot" function, however, had no effect. After clicking it, nothing happened (on the surface) ...

Good sign? Or an error?
I installed the latest version for my system.

Thanks so far, in any case.

03.11.2015, 21:44   #8
Dante12
/// Mac Expert

Normally it takes a while and then a window with the log appears. Please try it again. Remember: not the "Scanner" button, but at the top in the menu bar under "Scanner -> Take System Snapshot".
__________________
-----------------
-Regards, dante12
-----------------
Praise, criticism, requests? Donate to Trojaner-Board?

08.11.2015, 10:44   #9
D-O-M

No snapshot for you today


Hello Dante,

unfortunately I have no snapshot ... Twice I let the Mac run for about 1 h without anything visibly happening or a snapshot appearing. Is it perhaps simply saved somewhere without any visible feedback?

Thanks for your help
D-O-M

08.11.2015, 12:33   #10
Dante12
/// Mac Expert

Please explain exactly what you did, step by step.

Did Malwarebytes find anything during the scan?

08.11.2015, 13:03   #11
D-O-M

Malwarebytes found nothing


What I did:
- Switched to the admin account on my machine (I use two accounts)
- Downloaded and installed Malwarebytes as admin
- Launched the program; MW first updated its signatures
- Clicked SCAN in the control window (not in the menu bar)
-> Scan runs through and says: nothing found (see screenshot)
HTML code:
hxxp://imgur.com/vT5RWS1
- Opened >Scanner>Take System Snapshot in the menu
- Waited …
- Waited …
- Waited …
- …

That's how far I've got.

08.11.2015, 13:10   #12
Dante12
/// Mac Expert

For the scan you have to use the account you always work with. Then try running the snapshot not with your admin account.

08.11.2015, 13:21   #13
weberchen

Quote:
Quote from D-O-M
Problem: The Telekom technicians could only determine the infection but could not give any recommendation for fixing it. Only the name of the threat is listed and this recommendation is given...
1.) I can't imagine that you have an infection on the Mac.
2.) For a short time, there was a standard email from the Abuse Team circulating in the Telekom area that was forged.
3.) It then also depends on which hotline you phoned. Mostly the people sitting there are inexperienced too and simply repeat what they have heard or read.
4.) And if a check of the Mac found nothing, I would see that as confirmation.

Please keep reporting...

08.11.2015, 13:47   #14
D-O-M

Second scan also without result


Hello Dante12, hello weberchen,

I forgot to mention that I had also repeated the scan with the "normal" user account, with the same result: neither the scan nor TakeSnapshot showed anything relevant.

So at this point I thank you for your tireless efforts and close my request. The mails from Telekom seem to have been sent out without any recognizable reason or real threat. The only surprising thing in this context is the interval between the two mails. It almost seems as if Telekom gets "hacked" every now and then …

Have a nice Sunday
D-O-M

08.11.2015, 14:14   #15
Dante12
/// Mac Expert

All right.

If there are any further problems, please let us know.

If you want to uninstall MBAM and EtreCheck, see below. Some of the entries listed there may not be present, but that is OK.


Removing EtreCheck
  1. Move the app from the Applications folder to the Trash
  2. Delete the marked folders / files in the following directories. Copy the path from the code box and paste it into Spotlight. Press Enter to open it.
  3. Code:
    ~/Library/Caches/
  4. Delete com.etresoft.EtreCheck
  5. Code:
    ~/Library/Preferences/
  6. Delete com.etresoft.EtreCheck.plist


Uninstalling MalwareBytes
  1. Open your Applications folder and move Malwarebytes Anti-Malware to the Trash
  2. Open Spotlight (CMD + Space) and copy the following directory paths into it one at a time. Press Enter to open it.
  3. Code:
    ~/Library/Caches/
  4. Delete: com.malwarebytes.antimalware
  5. Code:
    ~/Library/Application Support/
  6. Delete the folders Malwarebytes Anti-Malware and com.malwarebytes.antimalware
  7. Code:
    ~/Library/Preferences
  8. Delete com.malwarebytes.antimalware.plist
