| |
| |||||||
Alles rund um Mac OSX & Linux: Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert?Windows 7 Für alle Fragen rund um Mac OSX, Linux und andere Unix-Derivate. |
 |
09.04.2017, 16:43
| #1 |
| |  Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert? Hallo, ich habe auf einen Link in einer DHL Fake-Email geklickt. Daraufhin wurde folgende Datei heruntergeladen: DHL_Report_4679840701_Mi_April_05_2017.js Ich habe diese Datei mit Doppelklick gestartet. Daraufhin öffnete sich ein Textfenster mit wirren Zeichen. Dies habe ich wieder geschlossen. Dann habe ich die Datei auf einen USB-Stick gezogen und vom Rechner gelöscht. Ebenso habe ich den Rechner sicherheitshalber vom Internet getrennt. Ich habe noch keine weiteren Analyse-Tools genutzt, oder Logs erstellt. Wie kann ich herausfinden, ob ich mir einen Trojaner/ Virus, etc. eingefangen habe? Mein Rechner ist ein Macbook pro mit OS X 10.11.6. Für hilfreiche Hinweise wäre ich sehr dankbar! |
|
10.04.2017, 10:31
| #2 |
| /// Mac Expert    | Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert? Mein Name ist Dante12 und ich versuche dir bei deinem Problem zu helfen so gut ich kann. Bitte arbeite so lange mit, bis ich dir mein Ok gebe. Beachte folgende Punkte damit die Arbeit nicht unnötig erschwert wird.
EtreCheck installieren
 Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
10.04.2017, 18:15
| #3 |
| | Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert?Code:
ATTFilter EtreCheck version: 3.1.5 (343)
Report generated 2017-04-10 19:07:11
Download EtreCheck from https://etrecheck.com
Runtime 1:29
Performance: Excellent
Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.
Problem: No problem - just checking
Hardware Information: ⓘ
MacBook Pro (Retina, 15-inch, Mid 2015)
[Technical Specifications] - [User Guide] - [Warranty & Service]
MacBook Pro - model: MacBookPro11,5
1 2,5 GHz Intel Core i7 (i7-4870HQ) CPU: 4-core
16 GB RAM Not upgradeable
BANK 0/DIMM0
8 GB DDR3 1600 MHz ok
BANK 1/DIMM0
8 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en0: 802.11 a/b/g/n/ac
Battery: Health = Normal - Cycle count = 226
Video Information: ⓘ
AMD Radeon R9 M370X - VRAM: 2048 MB
Intel Iris Pro
Color LCD 2880 x 1800
System Software: ⓘ
OS X El Capitan 10.11.6 (15G1217) - Time since boot: about 11 hours
Disk Information: ⓘ
APPLE SSD SM0512G disk0 : (500,28 GB) (Solid State - TRIM: Yes)
[Show SMART report]
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Macintosh HD (disk1) / [Startup]: 499.06 GB (239.48 GB free)
Core Storage: disk0s2 499.42 GB Online
USB Information: ⓘ
Apple Inc. Apple Internal Keyboard / Trackpad
Broadcom Corp. Bluetooth USB Host Controller
Thunderbolt Information: ⓘ
Apple Inc. thunderbolt_bus
Gatekeeper: ⓘ
Mac App Store and identified developers
Kernel Extensions: ⓘ
/System/Library/Extensions
[not loaded] com.ni.Fantom.nxtfwdl (1.1.1 - 2017-03-24) [Support]
[not loaded] jp.co.roland.RDUSB0010Dev (1.0.0 - 2017-03-24) [Support]
[not loaded] jp.co.roland.RDUSB0033Dev (1.0.0 - 2017-03-24) [Support]
[not loaded] jp.co.roland.RDUSB008BDev (1.0.0 - 2017-03-24) [Support]
Startup Items: ⓘ
Fantom: Path: /Library/StartupItems/Fantom
Startup items no longer function in OS X Yosemite or later
System Launch Agents: ⓘ
[not loaded] 7 Apple tasks
[loaded] 160 Apple tasks
[running] 72 Apple tasks
System Launch Daemons: ⓘ
[not loaded] 47 Apple tasks
[loaded] 157 Apple tasks
[running] 86 Apple tasks
Launch Agents: ⓘ
[failed] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (2017-01-19) [Support]
[loaded] com.google.keystone.agent.plist (2017-01-14) [Support]
[loaded] com.oracle.java.Java-Updater.plist (2016-11-26) [Support]
Launch Daemons: ⓘ
[loaded] com.adobe.ARMDC.Communicator.plist (2017-01-19) [Support]
[loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (2017-01-19) [Support]
[loaded] com.adobe.fpsaud.plist (2017-02-28) [Support]
[loaded] com.google.keystone.daemon.plist (2017-01-24) [Support]
[loaded] com.microsoft.office.licensing.helper.plist (2012-02-12) [Support]
[loaded] com.oracle.java.Helper-Tool.plist (2016-09-23) [Support]
User Launch Agents: ⓘ
[failed] com.adobe.ARM.[...].plist (2013-09-29) [Support] - /Applications/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper: Executable not found!
[running] com.spotify.webhelper.plist (2017-01-12) [Support]
User Login Items: ⓘ
iTunesHelper Programm Hidden (2017-03-24)
(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Internet Plug-ins: ⓘ
JavaAppletPlugin: Java 8 Update 111 build 14 (2016-11-26) Check version
Unity Web Player: UnityPlayer version 4.5.2f1 - SDK 10.6 (2014-07-20) [Support]
Default Browser: 601 - SDK 10.11 (2016-07-31)
AdobePDFViewerNPAPI: 15.023.20056 - SDK 10.11 (2017-01-23) [Support]
FlashPlayer-10.6: 25.0.0.127 - SDK 10.9 (2017-03-14) [Support]
Silverlight: 5.1.41212.0 - SDK 10.6 (2016-04-20) [Support]
QuickTime Plugin: 7.7.3 (2016-12-21)
Flash Player: 25.0.0.127 - SDK 10.9 (2017-03-14) [Support]
NP_2020Player_IKEA: 5.0.94.1 - SDK 10.6 (2012-09-28) [Support]
AdobePDFViewer: 15.023.20056 - SDK 10.11 (2017-01-23) [Support]
SharePointBrowserPlugin: 14.0.1 (2010-10-29) [Support]
GarminGpsControl: 4.2.0.0 - SDK 10.8 (2014-04-01) [Support]
DirectorShockwave: 11.0.0r465 (2008-08-01) [Support]
Safari Extensions: ⓘ
DoNotTrackMe: Online Privacy Protection - Abine, the online privacy company. - hxxp://www.abine.com (2014-05-22)
Browser-Add-on zur Deaktivierung von Google Analytics - Google, Inc. - hxxp://tools.google.com/dlpage/gaoptout (2016-02-19)
3rd Party Preference Panes: ⓘ
Flash Player (2017-02-28) [Support]
Java (2016-11-26) [Support]
UA-5 (2009-08-28) [Support]
Time Machine: ⓘ
Skip System Files: NO
Auto backup: NO - Auto backup turned off
Volumes being backed up:
Destinations:
Data Master [Local]
Total size: 0 B
Total number of backups: 0
Oldest backup: -
Last backup: -
Size of backup disk: Excellent
Backup size 0 B > (Disk size 0 B X 3)
Top Processes by CPU: ⓘ
5% WindowServer
2% fontd
1% kernel_task
0% cloudpaird
Top Processes by Memory: ⓘ
926 MB kernel_task
393 MB com.apple.WebKit.WebContent(4)
229 MB Mail
197 MB mdworker(20)
164 MB Safari
Virtual Memory Information: ⓘ
12.66 GB Available RAM
10.47 GB Free RAM
3.34 GB Used RAM
2.20 GB Cached files
21 MB Swap Used
Diagnostics Information: ⓘ
Apr 10, 2017, 07:49:54 AM Self test - passed
|
|
10.04.2017, 23:12
| #4 |
| /// Mac Expert | Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert? Hi, Sieht OK aus, hast du die Datei noch? - Kannst du diese bitte als Anhang per PN an mich hochladen?
__________________ ----------------- -Gruß dante12 ----------------- Lob, Kritik, Wünsche?  Spende fürs trojaner-board? |
|
11.04.2017, 18:14
| #5 |
| | Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert? Hi Dante12, Danke für die Hilfe. Ja, ich habe die Datei noch, weiß aber leider nicht, wie ich diese als Anhang per PN an dich hochladen kann. Im Editor für die PN kann ich keine Anhänge hochladen. Wie geht das? Gruß McFly1 |
|
11.04.2017, 22:32
| #6 | |
| /// Mac Expert | Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert?Zitat:
__________________ --> Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert? |
|
12.04.2017, 06:37
| #7 |
| | Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert? Ich kann die Datei auswählen, aber wenn ich sie hochladen will, erhalte ich eine Fehlermeldung: "ungültige Datei". Die Datei-Endung ist .js, diese Endung steht nicht in der Liste der erlaubten Dateien. Liegt es daran? |
|
12.04.2017, 22:43
| #8 |
| /// Mac Expert | Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert? Ich schicke dir eine PN mit weiteren Instruktionen. Wie ich vermutet habe ist ein Windows-Trojaner: https://virustotal.com/de/file/16193...is/1492032933/ Auf deinem Rechner sollte es nicht funktionieren aber du kannst zur Sicherheit Malwarebytes laufen lassen. MalwareBytes for Mac
Hinweis für macOS 10.8 Die aktuelle Version von Malwarebytes ist nicht mit macOS 10.8 kompatibel. Bitte dafür folgende Version herunterladen: Malwarebytes 1.2.4.xx
__________________ ----------------- -Gruß dante12 ----------------- Lob, Kritik, Wünsche? Spende fürs trojaner-board? |
|
13.04.2017, 16:56
| #9 |
| | Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert? Hi Dante12, Malwarebytes hat nichts gefunden. Hier der System Snapshot. Code:
ATTFilter Malwarebytes Anti-Malware 1.2.6.730 system report - 13. April 2017 um 17:49:58 MESZ Mac OS X version Version 10.11.6 (Build 15G1217) System uptime: 0d 07:03:23 Helper tool version: 1.2.6.730 Signatures version: 180 Safari extensions ----------------------- Josa Josa Name: Path: /Users/Josa/Library/Safari/Extensions/Browser-Add-on zur Deaktivierung von Google Analytics.safariextz Modified: 2014-10-11 01:00:00 +0000 Name: DoNotTrackMe: Online Privacy Protection Path: /Users/Josa/Library/Safari/Extensions/DoNotTrackMe- Online Privacy Protection.safariextz Modified: 2014-05-22 18:06:42 +0000 Chrome extensions ----------------------- Firefox extensions ----------------------- User Login Items ----------------------- User: Josa Name: iTunesHelper Path: /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app Name: AdobeResourceSynchronizer Path: (null) System startup items ----------------------- /Library/StartupItems/Fantom /Library/StartupItems/RDUSB0010Startup User launch agents ----------------------- /Users/Josa/Library/LaunchAgents/com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist /Users/Josa/Library/LaunchAgents/com.spotify.webhelper.plist System launch agents ----------------------- /Library/LaunchAgents/com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist /Library/LaunchAgents/com.google.keystone.agent.plist System launch daemons ----------------------- /Library/LaunchDaemons/com.adobe.ARMDC.Communicator.plist /Library/LaunchDaemons/com.adobe.ARMDC.SMJobBlessHelper.plist /Library/LaunchDaemons/com.adobe.fpsaud.plist /Library/LaunchDaemons/com.google.keystone.daemon.plist /Library/LaunchDaemons/com.malwarebytes.HelperTool.plist /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist Kernel extensions ----------------------- /System/Library/Extensions/BJUSBLoad.kext /System/Library/Extensions/EPSONUSBPrintClass.kext /System/Library/Extensions/Fantom.kext /System/Library/Extensions/hp_designjet_series.kext /System/Library/Extensions/hp_Deskjet_io_enabler.kext /System/Library/Extensions/hp_fax_io.kext /System/Library/Extensions/hp_Inkjet1_io_enabler.kext /System/Library/Extensions/hp_Inkjet3_io_enabler.kext /System/Library/Extensions/hp_Inkjet4_io_enabler.kext /System/Library/Extensions/hp_Inkjet7_io_enabler.kext /System/Library/Extensions/hp_Inkjet8_io_enabler.kext /System/Library/Extensions/hp_Inkjet9_io_enabler.kext /System/Library/Extensions/hp_Inkjet_io_enabler.kext /System/Library/Extensions/hp_Officejet_io_enabler.kext /System/Library/Extensions/hp_Photosmart_io_enabler.kext /System/Library/Extensions/hp_qc_io_enabler.kext /System/Library/Extensions/LexmarkUSBMerge.kext /System/Library/Extensions/RDUSB0010Dev.kext /System/Library/Extensions/RDUSB0033Dev.kext /System/Library/Extensions/RDUSB008BDev.kext /Library/Extensions/ACS6x.kext /Library/Extensions/ArcMSR.kext /Library/Extensions/ATTOCelerityFC8.kext /Library/Extensions/ATTOExpressSASHBA2.kext /Library/Extensions/ATTOExpressSASRAID2.kext /Library/Extensions/CalDigitHDProDrv.kext /Library/Extensions/HighPointIOP.kext /Library/Extensions/HighPointRR.kext /Library/Extensions/hp_io_enabler_compound.kext /Library/Extensions/PromiseSTEX.kext /Library/Extensions/SoftRAID.kext launchd.conf contents ----------------------- Hosts file ----------------------- ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost fe80::1%lo0 localhost Scan log ----------------------- 2017-04-13 17:47:43 : 2017-04-13 17:47:43 : ----- Scan Started ----- 2017-04-13 17:47:43 : Scanning with signatures version 180 (2017-4-7) 2017-04-13 17:47:52 : *** Scan time: 0d 00:00:08 *** 2017-04-13 17:47:52 : ------ Scan Ended ------ Code:
ATTFilter Malwarebytes Anti-Malware 1.2.6.730 system report - 13. April 2017 um 17:49:58 MESZ Mac OS X version Version 10.11.6 (Build 15G1217) System uptime: 0d 07:03:23 Helper tool version: 1.2.6.730 Signatures version: 180 Safari extensions ----------------------- Josa Josa Name: Path: /Users/Josa/Library/Safari/Extensions/Browser-Add-on zur Deaktivierung von Google Analytics.safariextz Modified: 2014-10-11 01:00:00 +0000 Name: DoNotTrackMe: Online Privacy Protection Path: /Users/Josa/Library/Safari/Extensions/DoNotTrackMe- Online Privacy Protection.safariextz Modified: 2014-05-22 18:06:42 +0000 Chrome extensions ----------------------- Firefox extensions ----------------------- User Login Items ----------------------- User: Josa Name: iTunesHelper Path: /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app Name: AdobeResourceSynchronizer Path: (null) System startup items ----------------------- /Library/StartupItems/Fantom /Library/StartupItems/RDUSB0010Startup User launch agents ----------------------- /Users/Josa/Library/LaunchAgents/com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist /Users/Josa/Library/LaunchAgents/com.spotify.webhelper.plist System launch agents ----------------------- /Library/LaunchAgents/com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist /Library/LaunchAgents/com.google.keystone.agent.plist System launch daemons ----------------------- /Library/LaunchDaemons/com.adobe.ARMDC.Communicator.plist /Library/LaunchDaemons/com.adobe.ARMDC.SMJobBlessHelper.plist /Library/LaunchDaemons/com.adobe.fpsaud.plist /Library/LaunchDaemons/com.google.keystone.daemon.plist /Library/LaunchDaemons/com.malwarebytes.HelperTool.plist /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist Kernel extensions ----------------------- /System/Library/Extensions/BJUSBLoad.kext /System/Library/Extensions/EPSONUSBPrintClass.kext /System/Library/Extensions/Fantom.kext /System/Library/Extensions/hp_designjet_series.kext /System/Library/Extensions/hp_Deskjet_io_enabler.kext /System/Library/Extensions/hp_fax_io.kext /System/Library/Extensions/hp_Inkjet1_io_enabler.kext /System/Library/Extensions/hp_Inkjet3_io_enabler.kext /System/Library/Extensions/hp_Inkjet4_io_enabler.kext /System/Library/Extensions/hp_Inkjet7_io_enabler.kext /System/Library/Extensions/hp_Inkjet8_io_enabler.kext /System/Library/Extensions/hp_Inkjet9_io_enabler.kext /System/Library/Extensions/hp_Inkjet_io_enabler.kext /System/Library/Extensions/hp_Officejet_io_enabler.kext /System/Library/Extensions/hp_Photosmart_io_enabler.kext /System/Library/Extensions/hp_qc_io_enabler.kext /System/Library/Extensions/LexmarkUSBMerge.kext /System/Library/Extensions/RDUSB0010Dev.kext /System/Library/Extensions/RDUSB0033Dev.kext /System/Library/Extensions/RDUSB008BDev.kext /Library/Extensions/ACS6x.kext /Library/Extensions/ArcMSR.kext /Library/Extensions/ATTOCelerityFC8.kext /Library/Extensions/ATTOExpressSASHBA2.kext /Library/Extensions/ATTOExpressSASRAID2.kext /Library/Extensions/CalDigitHDProDrv.kext /Library/Extensions/HighPointIOP.kext /Library/Extensions/HighPointRR.kext /Library/Extensions/hp_io_enabler_compound.kext /Library/Extensions/PromiseSTEX.kext /Library/Extensions/SoftRAID.kext launchd.conf contents ----------------------- Hosts file ----------------------- ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost fe80::1%lo0 localhost Scan log ----------------------- 2017-04-13 17:47:43 : 2017-04-13 17:47:43 : ----- Scan Started ----- 2017-04-13 17:47:43 : Scanning with signatures version 180 (2017-4-7) 2017-04-13 17:47:52 : *** Scan time: 0d 00:00:08 *** 2017-04-13 17:47:52 : ------ Scan Ended ------ |
|
13.04.2017, 22:15
| #10 | |
| /// Mac Expert | Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert? Sieht gut aus aber.. Zitat:
__________________ ----------------- -Gruß dante12 ----------------- Lob, Kritik, Wünsche? Spende fürs trojaner-board? |
|
13.04.2017, 22:32
| #11 |
| | Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert? Nein, keine Ahnung. Was kann das sein? |
|
13.04.2017, 23:42
| #12 |
| /// Mac Expert | Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert? Kopiere den Inhalt aus der Code-Box in einen Texteditor (z.B. Textedit) und speichere es auf dein Desktop als RDU.sh Code:
ATTFilter #!/bin/bash
cd ~/Desktop
touch kextfile.txt
p="kextfile.txt"
cat /System/Library/Extensions/RDUSB0010Dev.kext/Contents/Info.plist > $p
cat /System/Library/Extensions/RDUSB0033Dev.kext/Contents/Info.plist >> $p
cat /System/Library/Extensions/RDUSB008BDev.kext/Contents/Info.plist >> $p
open -e $p
Starte dein Terminal und gebe folgendes ein (kopieren, in das Terminal einfügen und Enter drücken): Code:
ATTFilter sh RDU.sh
Kopiere den Inhalt des Fensters und füge es hier ein.
__________________ ----------------- -Gruß dante12 ----------------- Lob, Kritik, Wünsche? Spende fürs trojaner-board? |
|
15.04.2017, 08:44
| #13 |
| | Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert? Hi Dante12, könnte das RDUSB... mit einem Roland USB Keyboard zu tun haben? Hatte ich an meinem alten McbookPro installiert und könnte mit dem Backup auf dieses neuen McBookPro übertragen worden sein !? Code:
ATTFilter <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "hxxp://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>English</string>
<key>CFBundleExecutable</key>
<string>RDUSB0010Dev</string>
<key>CFBundleIdentifier</key>
<string>jp.co.roland.RDUSB0010Dev</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundlePackageType</key>
<string>KEXT</string>
<key>CFBundleSignature</key>
<string>R010</string>
<key>CFBundleVersion</key>
<string>1.0.0</string>
<key>IOKitPersonalities</key>
<dict>
<key>RDUSB0010</key>
<dict>
<key>CFBundleIdentifier</key>
<string>jp.co.roland.RDUSB0010Dev</string>
<key>IOClass</key>
<string>jp_co_roland_RDUSB0010Dev_AudioDevice</string>
<key>IOProviderClass</key>
<string>IOUSBDevice</string>
<key>IOUserClientClass</key>
<string>jp_co_roland_RDUSB0010Dev_KextUserClient</string>
<key>idProduct</key>
<integer>16</integer>
<key>idVendor</key>
<integer>1410</integer>
</dict>
</dict>
<key>OSBundleLibraries</key>
<dict>
<key>com.apple.iokit.IOAudioFamily</key>
<string>1.5.0b1</string>
<key>com.apple.iokit.IOUSBFamily</key>
<string>1.9.4fc1</string>
<key>com.apple.kpi.iokit</key>
<string>8.0.0b3</string>
<key>com.apple.kpi.libkern</key>
<string>8.0.0b3</string>
<key>com.apple.kpi.mach</key>
<string>8.0.0b3</string>
</dict>
</dict>
</plist>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "hxxp://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>English</string>
<key>CFBundleExecutable</key>
<string>RDUSB0033Dev</string>
<key>CFBundleIdentifier</key>
<string>jp.co.roland.RDUSB0033Dev</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundlePackageType</key>
<string>KEXT</string>
<key>CFBundleSignature</key>
<string>R033</string>
<key>CFBundleVersion</key>
<string>1.0.0</string>
<key>IOKitPersonalities</key>
<dict>
<key>RDUSB0033</key>
<dict>
<key>CFBundleIdentifier</key>
<string>jp.co.roland.RDUSB0033Dev</string>
<key>IOClass</key>
<string>jp_co_roland_RDUSB0033Dev_KextDevice</string>
<key>IOProviderClass</key>
<string>IOUSBDevice</string>
<key>IOUserClientClass</key>
<string>jp_co_roland_RDUSB0033Dev_KextUserClient</string>
<key>idProduct</key>
<integer>51</integer>
<key>idVendor</key>
<integer>1410</integer>
</dict>
</dict>
<key>OSBundleLibraries</key>
<dict>
<key>com.apple.iokit.IOUSBFamily</key>
<string>1.9.4fc1</string>
<key>com.apple.kpi.iokit</key>
<string>8.0.0b3</string>
<key>com.apple.kpi.libkern</key>
<string>8.0.0b3</string>
<key>com.apple.kpi.mach</key>
<string>8.0.0b3</string>
</dict>
</dict>
</plist>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "hxxp://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>English</string>
<key>CFBundleExecutable</key>
<string>RDUSB008BDev</string>
<key>CFBundleIdentifier</key>
<string>jp.co.roland.RDUSB008BDev</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundlePackageType</key>
<string>KEXT</string>
<key>CFBundleSignature</key>
<string>R08B</string>
<key>CFBundleVersion</key>
<string>1.0.0</string>
<key>IOKitPersonalities</key>
<dict>
<key>RDUSB008B</key>
<dict>
<key>CFBundleIdentifier</key>
<string>jp.co.roland.RDUSB008BDev</string>
<key>IOClass</key>
<string>jp_co_roland_RDUSB008BDev_KextDevice</string>
<key>IOProviderClass</key>
<string>IOUSBDevice</string>
<key>IOUserClientClass</key>
<string>jp_co_roland_RDUSB008BDev_KextUserClient</string>
<key>idProduct</key>
<integer>139</integer>
<key>idVendor</key>
<integer>1410</integer>
</dict>
</dict>
<key>OSBundleLibraries</key>
<dict>
<key>com.apple.iokit.IOUSBFamily</key>
<string>1.9.4fc1</string>
<key>com.apple.kpi.iokit</key>
<string>8.0.0b3</string>
<key>com.apple.kpi.libkern</key>
<string>8.0.0b3</string>
<key>com.apple.kpi.mach</key>
<string>8.0.0b3</string>
</dict>
</dict>
</plist>
|
|
16.04.2017, 07:56
| #14 |
| /// Mac Expert | Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert? Verwendest du Roland-Hardware z.B. für Musik? Das sind nämlich Treiber von Roland.
__________________ ----------------- -Gruß dante12 ----------------- Lob, Kritik, Wünsche? Spende fürs trojaner-board? |
|
16.04.2017, 08:26
| #15 |
| | Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert? Ja, so ist es! Heisst das, das mein Rechner ansonsten sauber ist? |
|
| Themen zu Mac OS X - File-Anhang aus Fake DHL-Email gestartet - bin ich infiziert? |
| .js-file anhang, april, bin ich infiziert, dankbar, datei, doppelklick, eingefangen, erstell, fake, fake dhl email, fenster, folge, folgende, gefangen, genutzt, gestartet, herausfinden, hilfreiche, hinweise, infiziert, interne, internet, link, mac, mac os x 10.11.6, rechner, report, troja, virus |
