Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Alles rund um Mac OSX & Linux (https://www.trojaner-board.de/alles-rund-um-mac-osx-linux/)
-   -   Google Chrome (auf Mac!) öffnet permanent automatisch Werbung (https://www.trojaner-board.de/189732-google-chrome-mac-oeffnet-permanent-automatisch-werbung.html)

LiLciL 17.04.2018 07:56
Google Chrome (auf Mac!) öffnet permanent automatisch Werbung
 
Hi,

ich grab den hier mal aus, weil ich genau das selbe Problem habe und der TE nicht mehr geantwortet hat.

edit
Bitte keine fremden Threads kapern. Es hat schon seinen Grund, dass hier jeder Hilfesuchende zu SEINEM PERSÖNLICHEN Problem, ein eigenes Thema aufmachen soll. Deine Beiträge wurden in ein neues Thema ausgelagert....

--
cosinus
/edit

Mein AdwareMedic Log:
Code:
2018-04-17 08:36:09: ----- Scan Started -----
2018-04-17 08:36:09: Scanning with signatures version 51
2018-04-17 08:36:43: No adware found
2018-04-17 08:36:43: ----- Scan Ended -----
Mein Systemlog:
Code:
Start time: 08:45:13 04/17/18

Revision: 1174

Model Identifier: MacBookAir7,1
System Version: macOS 10.13.3 (17D47)
Kernel Version: Darwin 17.4.0
System Integrity Protection: Enabled
Time since boot: 24 minutes

FileVault: On

Log

  Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/XPCServices/com.apple.hiservices-xpcservice.xpc/Contents/MacOS/com.apple.hiservices-xpcservice error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
  Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCKeychainSandboxCheck.xpc/Contents/MacOS/XPCKeychainSandboxCheck error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
  Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/IOKit.framework/Versions/A/XPCServices/IOServiceAuthorizeAgent.xpc/Contents/MacOS/IOServiceAuthorizeAgent error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
  Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XPCServices/com.apple.SpeechRecognitionCore.brokerd.xpc/Contents/MacOS/com.apple.SpeechRecognitionCore.brokerd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
  Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCTimeStampingService.xpc, error = 1: Operation not permitted
  Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Failed to bootstrap path: path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XPCServices/com.apple.SpeechRecognitionCore.brokerd.xpc, error = 1: Operation not permitted
  Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Failed to bootstrap path: path = /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/XPCServices/com.apple.hiservices-xpcservice.xpc, error = 1: Operation not permitted
  Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Failed to bootstrap path: path = /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.xpc, error = 1: Operation not permitted
  Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Failed to bootstrap path: path = /System/Library/Frameworks/IOKit.framework/Versions/A/XPCServices/IOServiceAuthorizeAgent.xpc, error = 1: Operation not permitted
  Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCKeychainSandboxCheck.xpc, error = 1: Operation not permitted
  Apr 15 20:58:48 com.avast.home.userinit: Service setup event to handle failure and will not launch until it fires.
  Apr 15 21:12:28 com.apple.iTunesHelper.5268: Service exited with abnormal code: 1
  Apr 15 21:12:28 com.apple.Siri.agent: Service exited with abnormal code: 1
  Apr 16 10:33:44 Failed to remove file or directory: name = com.apple.pkg.CoreFP.igFkBn, error = 1: Operation not permitted. Further logging suppressed.
  Apr 16 10:33:44 com.apple.xpc.launchd.domain.system: Could not import service from caller: path = /System/Library/LaunchDaemons/com.apple.platform.ptmd.plist, caller = launchd.1, error = 138: Service cannot be loaded on this hardware
  Apr 16 10:34:02 com.avast.home.userinit: Service setup event to handle failure and will not launch until it fires.
  Apr 16 10:34:09 com.google.keystone.user.agent: Service exited with abnormal code: 1
  Apr 16 10:34:40 com.apple.xpc.launchd.domain.system: Could not read path: path = /Library/LaunchDaemons/com.microsoft.autoupdate.helpertool.plist, error = 2: No such file or directory
  Apr 16 11:25:41 com.apple.iTunesHelper.5268: Service exited with abnormal code: 1
  Apr 16 11:25:41 com.apple.Siri.agent: Service exited with abnormal code: 1
  Apr 17 08:21:47 Failed to remove file or directory: name = com.apple.pkg.CoreFP.igFkBn, error = 1: Operation not permitted. Further logging suppressed.
  Apr 17 08:21:47 com.apple.xpc.launchd.domain.system: Could not import service from caller: path = /System/Library/LaunchDaemons/com.apple.platform.ptmd.plist, caller = launchd.1, error = 138: Service cannot be loaded on this hardware
  Apr 17 08:22:02 com.avast.home.userinit: Service setup event to handle failure and will not launch until it fires.
  Apr 17 08:22:13 com.google.keystone.user.agent: Service exited with abnormal code: 1
  Apr 17 08:40:04 com.apple.xpc.launchd.domain.pid.quicklookd.1620: Path not allowed in target domain: type = pid, path = /Library/Frameworks/iTunesLibrary.framework/Versions/A/XPCServices/com.apple.iTunesLibraryService.xpc error = 147: The specified service did not ship in the requestor's bundle, origin = /System/Library/Frameworks/QuickLook.framework/Versions/A/Resources/quicklookd.app

Bad kernel extensions

  /System/Library/Extensions/AppleOSXUSBNCM.kext

Loaded kernel extensions

  com.avast.FileShield (4.0.0) UUID
  com.avast.PacketForwarder (2.1) UUID

Daemons

  com.avast.account
  com.avast.daemon
  com.avast.fileshield
  com.avast.init
  com.avast.osx.secureline.burger
  com.avast.osx.secureline.init
  com.avast.osx.secureline.racoonrun
  com.avast.osx.secureline.service
  com.avast.osx.secureline.uninstall
  com.avast.osx.secureline.update
  com.avast.proxy
  com.avast.service
  com.avast.uninstall
  com.avast.update
  com.avast.wifiguard
  com.microsoft.autoupdate.helper
  com.microsoft.office.licensingV2.helper
  org.postfix.master

Agents

  6H4HRTU5E3.com.avast.osx.secureline.avastsecurelinehelper
  com.apple.iBooksX.CacheDelete
  com.avast.helper
  com.avast.home.userinit
  -        status: 78
  com.avast.osx.secureline.home.userinit
  com.avast.osx.secureline.update-agent
  com.avast.osx.secureline.userinit
  com.avast.userinit
  com.dropbox.DropboxMacUpdate.agent
  com.google.keystone.user.agent
  -        status: 1
  com.microsoft.update.agent

dylibs

  /Library/Application Support/Avast/components/proxy/certutil/libfreebl3.dylib
  /Library/Application Support/Avast/components/proxy/certutil/libnspr4.dylib
  /Library/Application Support/Avast/components/proxy/certutil/libnss3.dylib
  /Library/Application Support/Avast/components/proxy/certutil/libnssdbm3.dylib
  /Library/Application Support/Avast/components/proxy/certutil/libnssutil3.dylib
  /Library/Application Support/Avast/components/proxy/certutil/libplc4.dylib
  /Library/Application Support/Avast/components/proxy/certutil/libplds4.dylib
  /Library/Application Support/Avast/components/proxy/certutil/libsmime3.dylib
  /Library/Application Support/Avast/components/proxy/certutil/libsoftokn3.dylib
  /Library/Application Support/Avast/components/proxy/certutil/libssl3.dylib
  /Library/Application Support/Avast/lib/libcrypto.1.0.0.dylib
  /Library/Application Support/Avast/lib/libhns.dylib
  /Library/Application Support/Avast/lib/libjsoncpp.1.8.3.dylib
  /Library/Application Support/Avast/lib/libprotobuf-lite.8.dylib
  /Library/Application Support/Avast/lib/libssl.1.0.0.dylib
  /Users/USER/Library/Application Support/Firefox/Profiles/pp09kinh.default/gmp-gmpopenh264/1.5.3/libgmpopenh264.dylib
  /Users/USER/Library/Application Support/Firefox/Profiles/pp09kinh.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.dylib
  /Users/USER/Library/VirtualDJ/Plugins/libmp3lame.dylib

App extensions

  com.getdropbox.dropbox.garcon
  com.microsoft.onenote.mac.shareextension

Contents of /Library/Preferences/SystemConfiguration/com.apple.Boot.plist
  -        mod date: Jul 15 22:38:22 2017
  -        checksum: 1199119104

  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "hxxp://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
          <key>Kernel Flags</key>
          <string></string>
  </dict>
  </plist>

Contents of /Library/Preferences/com.apple.security.appsandbox.plist
  -        mod date: Aug  4 11:26:31 2017
  -        checksum: 2599182411

  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "hxxp://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
      <key>UnrestrictSpotlightContainerScope</key>
      <true/>
  </dict>
  </plist>

Contents of /etc/hosts
  -        mod date: Feb 25 23:50:13 2016
  -        checksum: 3164423663

  127.0.0.1        localhost
  255.255.255.255        broadcasthost
  ::1            localhost

Contents of /etc/pam.d/authorization
  -        mod date: Oct  3 03:04:58 2017
  -        checksum: 1288902703

  auth      optional      pam_krb5.so use_first_pass use_kcminit
  auth      optional      pam_ntlm.so use_first_pass
  auth      required      pam_opendirectory.so use_first_pass nullok
  account    required      pam_opendirectory.so

Contents of /etc/pam.d/authorization_aks
  -        mod date: Oct  3 02:59:34 2017
  -        checksum: 841932527

  auth      required      pam_aks.so
  account    required      pam_opendirectory.so

Contents of /etc/pam.d/authorization_ctk
  -        mod date: Oct  3 03:00:59 2017
  -        checksum: 2418984201

  auth      required      pam_smartcard.so                use_first_pass pkinit
  account    required      pam_opendirectory.so

Contents of /etc/pam.d/authorization_la
  -        mod date: Oct  3 02:59:54 2017
  -        checksum: 2713564393

  auth      required      pam_localauthentication.so
  auth      required      pam_aks.so
  account    required      pam_opendirectory.so

Contents of /etc/pam.d/authorization_lacont
  -        mod date: Oct  3 02:59:54 2017
  -        checksum: 3048101696

  auth      required      pam_localauthentication.so continuityunlock
  auth      required      pam_aks.so
  account    required      pam_opendirectory.so

Contents of /etc/pam.d/checkpw
  -        mod date: Oct  3 02:40:14 2017
  -        checksum: 2672765862

  auth      required      pam_opendirectory.so use_first_pass nullok
  account    required      pam_opendirectory.so no_check_home no_check_shell

Contents of /etc/pam.d/chkpasswd
  -        mod date: Sep 30 03:24:58 2017
  -        checksum: 335781771

  auth      required      pam_opendirectory.so
  account    required      pam_opendirectory.so
  password  required      pam_permit.so
  session    required      pam_permit.so

Contents of /etc/pam.d/cups
  -        mod date: Oct 12 07:51:27 2017
  -        checksum: 2842188894

  auth      required      pam_opendirectory.so
  account    required      pam_permit.so
  password  required      pam_deny.so
  session    required      pam_permit.so

Contents of /etc/pam.d/login
  -        mod date: Sep 30 03:24:31 2017
  -        checksum: 1242678644

  auth      optional      pam_krb5.so use_kcminit
  auth      optional      pam_ntlm.so try_first_pass
  auth      optional      pam_mount.so try_first_pass
  auth      required      pam_opendirectory.so try_first_pass
  account    required      pam_nologin.so
  account    required      pam_opendirectory.so
  password  required      pam_opendirectory.so
  session    required      pam_launchd.so
  session    required      pam_uwtmp.so
  session    optional      pam_mount.so

Contents of /etc/pam.d/login.term
  -        mod date: Sep 30 03:24:31 2017
  -        checksum: 3930746290

  account    required      pam_nologin.so
  account    required      pam_opendirectory.so
  session    required      pam_uwtmp.so

Contents of /etc/pam.d/other
  -        mod date: Jul 15 23:02:50 2017
  -        checksum: 2748091512

  auth      required      pam_deny.so
  account    required      pam_deny.so
  password  required      pam_deny.so
  session    required      pam_deny.so

Contents of /etc/pam.d/passwd
  -        mod date: Sep 30 03:24:20 2017
  -        checksum: 1026516346

  auth      required      pam_permit.so
  account    required      pam_opendirectory.so
  password  required      pam_opendirectory.so
  session    required      pam_permit.so

Contents of /etc/pam.d/screensaver
  -        mod date: Oct  3 03:12:26 2017
  -        checksum: 3141704602

  auth      optional      pam_krb5.so use_first_pass use_kcminit
  auth      required      pam_opendirectory.so use_first_pass nullok
  account    required      pam_opendirectory.so
  account    sufficient    pam_self.so
  account    required      pam_group.so no_warn group=admin,wheel fail_safe
  account    required      pam_group.so no_warn deny group=admin,wheel ruser fail_safe

Contents of /etc/pam.d/screensaver_aks
  -        mod date: Oct  3 02:59:34 2017
  -        checksum: 3209544573

  auth      required      pam_aks.so
  account    required      pam_opendirectory.so
  account    sufficient    pam_self.so
  account    required      pam_group.so no_warn group=admin,wheel fail_safe
  account    required      pam_group.so no_warn deny group=admin,wheel ruser fail_safe

Contents of /etc/pam.d/screensaver_ctk
  -        mod date: Oct  3 03:00:59 2017
  -        checksum: 367670211

  auth      required      pam_smartcard.so                        use_first_pass
  account    required      pam_opendirectory.so
  account    sufficient    pam_self.so
  account    required      pam_group.so no_warn group=admin,wheel fail_safe
  account    required      pam_group.so no_warn deny group=admin,wheel ruser fail_safe

Contents of /etc/pam.d/screensaver_la
  -        mod date: Oct  3 02:59:54 2017
  -        checksum: 589164084

  auth      required      pam_localauthentication.so
  auth      required      pam_aks.so
  account    required      pam_opendirectory.so
  account    sufficient    pam_self.so
  account    required      pam_group.so no_warn group=admin,wheel fail_safe
  account    required      pam_group.so no_warn deny group=admin,wheel ruser fail_safe

Contents of /etc/pam.d/smbd
  -        mod date: Jul 16 01:42:11 2017
  -        checksum: 2516643123

  account required        pam_sacl.so sacl_service=smb allow_trustacct
  session required        pam_permit.so

Contents of /etc/pam.d/sshd
  -        mod date: Jul 16 00:02:08 2017
  -        checksum: 2989478361

  auth      optional      pam_krb5.so use_kcminit
  auth      optional      pam_ntlm.so try_first_pass
  auth      optional      pam_mount.so try_first_pass
  auth      required      pam_opendirectory.so try_first_pass
  account    required      pam_nologin.so
  account    required      pam_sacl.so sacl_service=ssh
  account    required      pam_opendirectory.so
  password  required      pam_opendirectory.so
  session    required      pam_launchd.so
  session    optional      pam_mount.so

Contents of /etc/pam.d/su
  -        mod date: Jul 15 23:10:42 2017
  -        checksum: 2045483434

  auth      sufficient    pam_rootok.so
  auth      required      pam_opendirectory.so
  account    required      pam_group.so no_warn group=admin,wheel ruser root_only fail_safe
  account    required      pam_opendirectory.so no_check_shell
  password  required      pam_opendirectory.so
  session    required      pam_launchd.so

Contents of /etc/pam.d/sudo
  -        mod date: Jul 15 23:04:32 2017
  -        checksum: 1168067210

  auth      sufficient    pam_smartcard.so
  auth      required      pam_opendirectory.so
  account    required      pam_permit.so
  password  required      pam_deny.so
  session    required      pam_permit.so

Contents of /etc/periodic/daily/110.clean-tmps
  -        mod date: Jul 15 23:02:04 2017
  -        checksum: 4099837049

  if [ -r /etc/defaults/periodic.conf ]
  then
      . /etc/defaults/periodic.conf
      source_periodic_confs
  fi
  case "$daily_clean_tmps_enable" in
      [Yy][Ee][Ss])
          if [ -z "$daily_clean_tmps_days" ]
          then
              echo '$daily_clean_tmps_enable is set but' \
                  '$daily_clean_tmps_days is not'
              rc=2
          else
              echo ""
              echo "Removing old temporary files:"
              set -f noglob
              args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"
              args="${args} -ctime +$daily_clean_tmps_days"
              dargs="-empty -mtime +$daily_clean_tmps_days"
              dargs="${dargs} ! -name .vfs_rsrc_streams_*"
              [ -n "$daily_clean_tmps_ignore" ] && {
                  args="$args "`echo " ${daily_clean_tmps_ignore% }" |
                      sed 's/[        ][        ]*/ ! -name /g'`
                  dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" |
                      sed 's/[        ][        ]*/ ! -name /g'`

  ...and 21 more line(s)

Contents of /etc/periodic/daily/130.clean-msgs
  -        mod date: Jul 15 23:02:04 2017
  -        checksum: 4292599426

  if [ -r /etc/defaults/periodic.conf ]
  then
      . /etc/defaults/periodic.conf
      source_periodic_confs
  fi
  case "$daily_clean_msgs_enable" in
      [Yy][Ee][Ss])
          if [ ! -d /var/msgs ]
          then
              echo '$daily_clean_msgs_enable is set but /var/msgs' \
                  "doesn't exist"
              rc=2
          else
              echo ""
              echo "Cleaning out old system announcements:"
              [ -n "$daily_clean_msgs_days" ] &&
                  arg=-${daily_clean_msgs_days#-} || arg=
              msgs -c $arg && rc=0 || rc=3
          fi;;
      *)  rc=0;;
  esac
  exit $rc

Contents of /etc/periodic/daily/140.clean-rwho
  -        mod date: Jul 15 23:02:04 2017
  -        checksum: 659374794

  if [ -r /etc/defaults/periodic.conf ]
  then
      . /etc/defaults/periodic.conf
      source_periodic_confs
  fi
  case "$daily_clean_rwho_enable" in
      [Yy][Ee][Ss])
          if [ -z "$daily_clean_rwho_days" ]
          then
              echo '$daily_clean_rwho_enable is enabled but' \
                  '$daily_clean_rwho_days is not set'
              rc=2
          elif [ ! -d /var/rwho ]
          then
              echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
                  "doesn't exist"
              rc=2
          else
              echo ""
              echo "Removing stale files from /var/rwho:"
              case "$daily_clean_rwho_verbose" in
                  [Yy][Ee][Ss])
                      print=-print;;
                  *)
                      print=;;

  ...and 14 more line(s)

Contents of /etc/periodic/daily/199.clean-fax
  -        mod date: Jul 15 23:02:04 2017
  -        checksum: 1104983357

  if [ -r /etc/defaults/periodic.conf ]
  then
      . /etc/defaults/periodic.conf
      source_periodic_confs
  fi
  if [ -d /var/spool/fax ]; then
      echo ""
      echo "Removing scratch fax files"
      cd /var/spool/fax && \
      find . -type f -name '[0-9]*.[0-9][0-9][0-9]' -mtime +7 -delete >/dev/null 2>&1;
  fi

Contents of /etc/periodic/daily/310.accounting
  -        mod date: Jul 15 23:02:04 2017
  -        checksum: 3208203734

  if [ -r /etc/defaults/periodic.conf ]
  then
      . /etc/defaults/periodic.conf
      source_periodic_confs
  fi
  case "$daily_accounting_enable" in
      [Yy][Ee][Ss])
          if [ ! -f /var/account/acct ]
          then
              echo '$daily_accounting_enable is set but /var/account/acct' \
                  "doesn't exist"
              rc=2
          elif [ -z "$daily_accounting_save" ]
          then
              echo '$daily_accounting_enable is set but ' \
                  '$daily_accounting_save is not'
              rc=2
          else
              echo ""
              echo "Rotating accounting logs and gathering statistics:"
              cd /var/account
              rc=0
              n=$daily_accounting_save
              rm -f acct.$n.gz acct.$n || rc=3
              m=$n

  ...and 18 more line(s)

Contents of /etc/periodic/daily/400.status-disks
  -        mod date: Jul 15 23:02:04 2017
  -        checksum: 1480768650

  if [ -r /etc/defaults/periodic.conf ]
  then
      . /etc/defaults/periodic.conf
      source_periodic_confs
  fi
  case "$daily_status_disks_enable" in
      [Yy][Ee][Ss])
          echo ""
          echo "Disk status:"
          df $daily_status_disks_df_flags && rc=1 || rc=3
          ;;
      *)  rc=0;;
  esac
  exit $rc

Contents of /etc/periodic/daily/420.status-network
  -        mod date: Jul 15 23:02:04 2017
  -        checksum: 2730873650

  if [ -r /etc/defaults/periodic.conf ]
  then
      . /etc/defaults/periodic.conf
      source_periodic_confs
  fi
  case "$daily_status_network_enable" in
      [Yy][Ee][Ss])
          echo ""
          echo "Network interface status:"
          case "$daily_status_network_usedns" in
              [Yy][Ee][Ss])
                  netstat -i && rc=0 || rc=3;;
              *)
                  netstat -in && rc=0 || rc=3;;
          esac;;
      *)  rc=0;;
  esac
  exit $rc

Contents of /etc/periodic/daily/430.status-rwho
  -        mod date: Jul 15 23:02:04 2017
  -        checksum: 3455351261

  if [ -r /etc/defaults/periodic.conf ]
  then
      . /etc/defaults/periodic.conf
      source_periodic_confs
  fi
  case "$daily_status_rwho_enable" in
      [Yy][Ee][Ss])
          rwho=$(echo /var/rwho/*)
          if [ -f "${rwho%% *}" ]
          then
              echo ""
              echo "Local network system status:"
              prog=ruptime
          else
              echo ""
              echo "Local system status:"
              prog=uptime
          fi
          rc=$($prog | tee /dev/stderr | wc -l)
          if [ $? -eq 0 ]
          then
              [ $rc -gt 1 ] && rc=1
          else
              rc=3
          fi;;

  ...and 3 more line(s)

Contents of /etc/periodic/daily/999.local
  -        mod date: Jul 15 23:02:04 2017
  -        checksum: 2319755381

  if [ -r /etc/defaults/periodic.conf ]
  then
      . /etc/defaults/periodic.conf
      source_periodic_confs
  fi
  rc=0
  for script in $daily_local
  do
      echo ''
      case "$script" in
          /*)
              if [ -f "$script" ]
              then
                  echo "Running $script:"
                  sh $script || rc=3
              else
                  echo "$script: No such file"
                  [ $rc -lt 2 ] && rc=2
              fi;;
          *)
              echo "$script: Not an absolute path"
              [ $rc -lt 2 ] && rc=2;;
      esac
  done
  exit $rc

Contents of /etc/periodic/monthly/199.rotate-fax
  -        mod date: Jul 15 23:02:04 2017
  -        checksum: 3437454680

  if [ -r /etc/defaults/periodic.conf ]
  then
      . /etc/defaults/periodic.conf
      source_periodic_confs
  fi
  echo ""
  printf %s "Rotating fax log files:"
  cd /var/log/fax
  for i in *.log; do
      if [ -f "${i}" ]; then
      echo -n " $i"
      if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi
      if [ -f "${i}.3${gzext}" ]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi
      if [ -f "${i}.2${gzext}" ]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi
      if [ -f "${i}.1${gzext}" ]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi
      if [ -f "${i}.0${gzext}" ]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi
      if [ -f "${i}" ]; then mv -f "${i}" "${i}.0" && if [ -x /usr/bin/gzip ]; then gzip -9 "${i}.0"; fi; fi
      touch "${i}" && chmod 640 "${i}" && chown root:admin "${i}"
      fi
  done
  echo ""

Contents of /etc/periodic/monthly/200.accounting
  -        mod date: Jul 15 23:02:04 2017
  -        checksum: 3541581936

  if [ -r /etc/defaults/periodic.conf ]
  then
      . /etc/defaults/periodic.conf
      source_periodic_confs
  fi
  oldmask=$(umask)
  umask 066
  case "$monthly_accounting_enable" in
      [Yy][Ee][Ss])
          W=/var/log/wtmp
          rc=0
          remove=NO
          if [ $rc -eq 0 ]
          then
              echo ""
              echo "Doing login accounting:"
              rc=$(ac -p | sort -nr -k 2 | tee /dev/stderr | wc -l)
              [ $rc -gt 0 ] && rc=1
          fi
          [ $remove = YES ] && rm -f $W.0;;
      *)  rc=0;;
  esac
  umask $oldmask
  exit $rc

Contents of /etc/periodic/monthly/999.local
  -        mod date: Jul 15 23:02:04 2017
  -        checksum: 2355967272

  if [ -r /etc/defaults/periodic.conf ]
  then
      . /etc/defaults/periodic.conf
      source_periodic_confs
  fi
  rc=0
  for script in $monthly_local
  do
      echo ''
      case "$script" in
          /*)
              if [ -f "$script" ]
              then
                  echo "Running $script:"
                  sh $script || rc=3
              else
                  echo "$script: No such file"
                  [ $rc -lt 2 ] && rc=2
              fi;;
          *)
              echo "$script: Not an absolute path"
              [ $rc -lt 2 ] && rc=2;;
      esac
  done
  exit $rc

Contents of /etc/periodic/weekly/320.whatis
  -        mod date: Jul 15 23:02:04 2017
  -        checksum: 922328658

  if [ -r /etc/defaults/periodic.conf ]
  then
      . /etc/defaults/periodic.conf
      source_periodic_confs
  fi
  case "$weekly_whatis_enable" in
      [Yy][Ee][Ss])
          echo ""
          echo "Rebuilding whatis database:"
          MANPATH=`/usr/bin/manpath -q`
          if [ $? = 0 ]
          then
              if [ -z "${MANPATH}" ]
              then
                  echo "manpath failed to find any manpage directories"
                  rc=3
              else
                  rc=0
                  /usr/libexec/makewhatis.local "${MANPATH}" || rc=3
                  if [ X"${man_locales}" != X ]
                  then
                      for i in ${man_locales}
                      do
                          LC_ALL=$i /usr/libexec/makewhatis.local -a \
                              -L "${MANPATH}" || rc=3

  ...and 9 more line(s)

Contents of /etc/periodic/weekly/999.local
  -        mod date: Jul 15 23:02:04 2017
  -        checksum: 3078968429

  if [ -r /etc/defaults/periodic.conf ]
  then
      . /etc/defaults/periodic.conf
      source_periodic_confs
  fi
  rc=0
  for script in $weekly_local
  do
      echo ''
      case "$script" in
          /*)
              if [ -f "$script" ]
              then
                  echo "Running $script:"
                  sh $script || rc=3
              else
                  echo "$script: No such file"
                  [ $rc -lt 2 ] && rc=2
              fi;;
          *)
              echo "$script: Not an absolute path"
              [ $rc -lt 2 ] && rc=2;;
      esac
  done
  exit $rc

Contents of /etc/pf.conf
  -        mod date: Jul 15 23:55:36 2017
  -        checksum: 2891177609

  scrub-anchor "com.apple/*"
  nat-anchor "com.apple/*"
  rdr-anchor "com.apple/*"
  dummynet-anchor "com.apple/*"
  anchor "com.apple/*"
  load anchor "com.apple" from "/etc/pf.anchors/com.apple"

Contents of /etc/syslog.conf
  -        mod date: Jul 22 04:17:16 2017
  -        checksum: 2399118465

  install.*                                                @127.0.0.1:32376

Firewall: On

DNS: 160.45.8.8 (static)

User login items

  Unified Remote
  -        /Applications/Unified Remote.app
  Dropbox
  -        /Applications/Dropbox.app
  iTunesHelper
  -        /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

Restricted files: 2501

Lockfiles: 20

Elapsed time (sec): 342
Hoffe ihr könnt helfen, vielen lieben Dank schonmal.

Dante12 17.04.2018 16:01
:hallo:

Mein Name ist Dante12 und ich versuche dir bei deinem Problem zu helfen so gut ich kann. Bitte arbeite so lange mit, bis ich dir mein Ok gebe. Beachte folgende Punkte damit die Arbeit nicht unnötig erschwert wird.
  • Ruhe bewahren!
  • Bitte führe keine Installation / Deinstallation durch so lange wir hier an dem Problem arbeiten
  • Nutze nur die Software die ich dir bei der Bereinigung anbiete - keine zusätzlichen Tools die die Arbeit erschweren würden.
  • Stelle Fragen bitte sofort damit kurzfristig darauf reagiert werden kann.
  • Lösche keine Daten selbständig von denen du nicht sicher bist ob diese mit einer Malware zu tun haben.
  • Geduld! Für gewöhnlich antworte ich kurzfristig auf Anfragen. Jedoch kommt es schon mal vor, dass es etwas länger dauert. Solltest du aber binnen 24 Stunden keine Antwort erhalten, schicke mir bitte eine Nachricht.
    Für gewöhnlich solltest du ein neues Thema erstellen. Da dieses Thema schon drei Jahre alt ist und der TE sich nicht gemeldet hat, machen wir ausnahmsweise hier weiter.

Schritt 1

Scan mit MalwareBytes 3 for Mac
  • Lade dir bitte MalwareBytes 3 for Mac herunter.
  • Starte das "Install Malwarebytes 3.xx.pkg" um Malwarebytes zu installieren.
  • Programm starten und klicke auf Scan. Gefundene Malware wird in die Quarantäne verschoben. Rufe die Quarantäne auf und lösche die Eintrage. Mache einen Neustart!
  • Erstelle ein Log:
  • Lade dir bitte von Malwarebytes das GetSystemProfile.zip herunter und speichere es auf deinen Desktop.
  • Entpacken und Ausführen. Gebe dein Admin-Passwort wenn verlangt ein, und speichere anschliessend ForMalwarebytes.txt auf deinem Desktop.
  • Öffne das Log, kopiere alles und füge es hier in Code-Tags (Lesestoff Code-Tags) ein.

Schritt 2

EtreCheck installieren
  • Lade dir bitte EtreCheck herunter.
  • Entpacken und Ausführen.
  • Klicke auf das Pull-Down Menü und wähle No Problem - Just Checking, anschliessend auf Start Etrecheck
  • Nach Abschluss erscheint das EtreCheck-Fenster. In der linken Spalte kannst du verschiedene Informationen über deinen Rechner abrufen.
  • Klicke oben links auf den Button Share Report und anschließend Copy Report.
  • Akzeptiere die Lizenz-Bedingungen, danach wird das Log in die Zwischenanlage (Clipboard) kopiert.
  • Füge den Inhalt mit Command-V hier in dein Thema ein. Bitte in Code-Tags siehe Lesestoff.


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit COMMAND+A) und kopiere es in die Zwischenablage mit COMMAND+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Cursor zwischen die CODE-Tags und drücke COMMAND+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://dante.trojaner-board.de/bilder/code-tags.png

LiLciL 17.04.2018 18:51
Hi und vielen Dank, dass du dir die Zeit nimmst.

Malwarebytes hat nichts gefunden.

System:
Code:
Malwarebytes System Profile
Scanned Dienstag, 17. April 2018 um 19:39:36
Malwarebytes version 3.2.36.1163
Mac OS X version 10.13.4

Safari extensions
---------------
Folder does not exist.

Chrome extensions
---------------
pkedcjkdefgpdelpbcmbmeomcjbeemfm : modified Sonntag, 18. März 2018 um 17:21:02
        -> Chrome Media Router
bkkbcggnhapdmkeljlodobbkopceiche : modified Samstag, 10. Februar 2018 um 13:49:05
        -> bkkbcggnhapdmkeljlodobbkopceiche
pjkljhegncpnkpknbcohdijeoejaedia : modified Montag, 7. März 2016 um 13:49:45
        -> Gmail
apdfllckaahabafndbhieahigkjlhalf : modified Montag, 7. März 2016 um 13:49:45
        -> Google Drive
fdfblflkjmmbcdofkedlllkfkadghbpo : modified Sonntag, 30. Juli 2017 um 00:03:33
        -> ?d?I??k ?Iu?
lmjnegcaeklhafolokijcfjliaokphfk : modified Sonntag, 22. Oktober 2017 um 12:42:55
        -> Video DownloadHelper
nmmhkkegccagdldgiimedpiccmgmieda : modified Montag, 16. April 2018 um 10:35:11
        -> nmmhkkegccagdldgiimedpiccmgmieda
bodncoafpihbhpfljcaofnebjkaiaiga : modified Donnerstag, 1. Februar 2018 um 15:55:32
        -> appear.in screen sharing
blpcfgokakmgnkcojhhkbfbldkacnbeo : modified Montag, 7. März 2016 um 13:49:45
        -> YouTube
gomekmidlodglbbmalcneegieacbdmki : modified Sonntag, 18. März 2018 um 17:21:02
        -> Avast Online Security

Chrome external extensions
---------------
  +++ For user +++
--- Contents of gomekmidlodglbbmalcneegieacbdmki.json : modified Donnerstag, 23. November 2017 um 09:07:04 ---
{ "external_update_url": "https://clients2.google.com/service/update2/crx" }
--- End Contents ---
  +++ Global +++
Folder does not exist

Mozilla extensions
---------------
Folder does not exist

Firefox extensions
---------------
wrc@avast.com.xpi : modified Donnerstag, 23. November 2017 um 09:07:04
        -> Error getting extension information

Login items
---------------
Dropbox
Unified Remote
iTunesHelper

Sandboxed login items (overrides.plist)
---------------
No login items

Startup items
---------------
None

System startup items
---------------
None

User launch agents
---------------
total 32
-rw-r--r--  1 Lene  staff  481 Dec 20 19:15 com.avast.home.userinit.plist
-rw-r--r--  1 Lene  staff  542 Mar 27 11:11 com.avast.osx.secureline.home.userinit.plist
-rw-r--r--  1 Lene  staff  684 Apr 15 21:04 com.dropbox.DropboxMacUpdate.agent.plist
-rw-r--r--@ 1 Lene  staff  801 Jul 12  2016 com.google.keystone.agent.plist

System launch agents
---------------
total 40
-rw-r--r--  1 root  wheel  733 Mar 27 11:11 com.avast.osx.secureline.update-agent.plist
-rw-r--r--  1 root  wheel  461 Mar 27 11:11 com.avast.osx.secureline.userinit.plist
-rw-r--r--  1 root  wheel  436 Mar 11 09:13 com.avast.userinit.plist
-rw-r--r--  1 root  wheel  651 Feb 26 16:06 com.malwarebytes.mbam.frontend.agent.plist
-rw-r--r--  1 root  wheel  338 Apr 16 10:34 com.microsoft.update.agent.plist

System launch daemons
---------------
total 80
-rw-r--r--  1 root  wheel  571 Mar 11 09:13 com.avast.init.plist
-rw-r--r--  1 root  wheel  596 Mar 27 11:11 com.avast.osx.secureline.init.plist
-rw-r--r--  1 root  wheel  720 Mar 27 11:11 com.avast.osx.secureline.uninstall.plist
-rw-r--r--  1 root  wheel  720 Mar 27 11:11 com.avast.osx.secureline.update.plist
-rw-r--r--  1 root  wheel  685 Mar 11 09:13 com.avast.uninstall.plist
-rw-r--r--  1 root  wheel  695 Mar 11 09:13 com.avast.update.plist
-rw-r--r--  1 root  wheel  786 Feb 26 16:06 com.malwarebytes.mbam.rtprotection.daemon.plist
-rw-r--r--  1 root  wheel  562 Feb 26 16:06 com.malwarebytes.mbam.settings.daemon.plist
-rw-r--r--  1 root  wheel  267 Apr 16 10:34 com.microsoft.autoupdate.helper.plist
-rw-r--r--  1 root  wheel  657 Jan  9  2016 com.microsoft.office.licensingV2.helper.plist

Third-party kexts
---------------
com.avast.FileShield (4.0.0) B45B9A8D-AA3B-3EB1-9ED0-8D43D5D851A5 <5 4 1>
com.avast.PacketForwarder (2.1) 344201BF-FF1A-3869-92F7-EA3B4B9BE230 <4 1>
com.malwarebytes.mbam.rtprotection (3.2.36) 197B3B52-FE0A-386A-BC14-5F28B2F4E8F1 <5 4 3 1>

DNS settings
---------------
Server:                2a02:8109:8f80:286c:5e35:3bff:fe94:3db0

Hosts file
---------------
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1        localhost
255.255.255.255        broadcasthost
::1            localhost

Cron tasks
---------------
User tasks:
No user cron tasks
Root tasks:
No root cron tasks

LoginHook
---------------
No login hooks

Apps to re-launch at restart
---------------
{
  "TALAppsToRelaunchAtLogin" => [
    0 => {
      "BackgroundState" => 2
      "BundleID" => "com.apple.finder"
      "Hide" => 0
      "Path" => "/System/Library/CoreServices/Finder.app"
    }
    1 => {
      "BackgroundState" => 2
      "BundleID" => "com.google.chrome"
      "Hide" => 0
      "Path" => "/Applications/Google Chrome.app"
    }
    2 => {
      "BackgroundState" => 2
      "BundleID" => "com.microsoft.autoupdate2"
      "Hide" => 0
      "Path" => "/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app"
    }
    3 => {
      "BackgroundState" => 2
      "BundleID" => "com.apple.appstore"
      "Hide" => 0
      "Path" => "/Applications/App Store.app"
    }
    4 => {
      "BackgroundState" => 2
      "BundleID" => "com.microsoft.word"
      "Hide" => 0
      "Path" => "/Applications/Microsoft Word.app"
    }
    5 => {
      "BackgroundState" => 3
      "BundleID" => "com.apple.scripteditor.id.get-system-profile"
      "Hide" => 0
      "Path" => "/private/var/folders/l5/lsw42gtx21z46ldlngcg3bmr0000gn/T/AppTranslocation/F1362F83-5D00-4D82-BA92-26C5B913FE89/d/Get System Profile.app"
    }
  ]
}

Contents of Quarantine
---------------
None

EtreCheck:
Code:
EtreCheck version: 4.2.1 (4C020)
Report generated: 2018-04-17 19:49:57
Download EtreCheck from https://etrecheck.com
Runtime: 5:40
Performance: Below Average

Problem: No problem - just checking

Major Issues:
  Anything that appears on this list needs immediate attention.
  No Time Machine backup - Time Machine backup not found.

Minor Issues:
  These issues do not need immediate attention but they may indicate future problems.
  Low disk space - This machine is running low on free hard drive space.
  Clean up - There are orphan files that could be removed.
  Unsigned files - There is unsigned software installed. They appear to be legitimate but should be reviewed.
  Low performance - EtreCheck report took over 5 minutes to run. This is unusual.
  32-bit Apps - This machine has 32-bits apps that may have problems in the future.

Hardware Information:
  MacBook Air (11-inch, Early 2015)
  MacBook Air Model: MacBookAir7,1
  1 1,6 GHz Intel Core i5 (i5-5250U) CPU: 2-core
  4 RAM Not upgradeable
    BANK 0/DIMM0 - 2 GB DDR3 1600  ok
    BANK 1/DIMM0 - 2 GB DDR3 1600  ok
  Battery: Health = Normal - Cycle count = 76

Video Information:
  Intel HD Graphics 6000 - VRAM: 1536 MB
    Color LCD 1366 x 768

Drives:
  disk0 - APPLE SSD SD0128F 121.33 GB (Solid State - TRIM: Yes)
  Internal PCI 5.0 GT/s x2 Serial ATA
    disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
    disk0s2 () 121.12 GB
      disk1s1 - O*********2 (APFS) 121.12 GB (99.87 GB used)
      disk1s2 - Preboot (APFS) [APFS Preboot] 121.12 GB (21 MB used)
      disk1s3 - Recovery (APFS) [Recovery] 121.12 GB (518 MB used)
      disk1s4 - VM (APFS) [APFS VM] 121.12 GB (2.15 GB used)

Mounted Volumes:
  disk1s1 - O*********2 121.12 GB (18.50 GB free)
  APFS
  Mount point: /
  Encrypted

  disk1s4 - VM [APFS VM]  121.12 GB (18.50 GB free)
  APFS
  Mount point: /private/var/vm
 
Network:
  Interface en3: iPhone
  Interface en0: Wi-Fi
    802.11 a/b/g/n/ac
    One IPv4 address
    2 IPv6 addresses
  Interface en2: Bluetooth PAN
  Interface bridge0: Thunderbolt Bridge
  iCloud Quota: 33.56 GB available

System Software:
  macOS High Sierra 10.13.4 (17E199)
  Time since boot: About 10 hours
  System Load: 3.84 (1 min ago) 3.54 (5 min ago) 4.89 (15 min ago)

Security:
  System                      Status
  Gatekeeper                  Mac App Store and identified developers
  System Integrity Protection  Enabled

Unsigned Files:
  Launchd: /Library/LaunchDaemons/com.avast.osx.secureline.uninstall.plist
    Executable: /Library/Application Support/AvastSecureLine/hub/autouninstall.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchDaemons/com.avast.osx.secureline.init.plist
    Executable: /Library/Application Support/AvastSecureLine/hub/init.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchDaemons/com.avast.uninstall.plist
    Executable: /Library/Application Support/Avast/hub/autouninstall.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: ~/Library/LaunchAgents/com.avast.osx.secureline.home.userinit.plist
    Executable: /Users/***/Library/Application Support/AvastSecureLine/hub/userinit.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchDaemons/com.avast.init.plist
    Executable: /Library/Application Support/Avast/hub/init.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchDaemons/com.avast.update.plist
    Executable: /Library/Application Support/Avast/components/update/update.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchDaemons/com.avast.osx.secureline.update.plist
    Executable: /Library/Application Support/AvastSecureLine/components/update/update.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchAgents/com.avast.osx.secureline.userinit.plist
    Executable: /Library/Application Support/AvastSecureLine/hub/userinit.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchAgents/com.avast.userinit.plist
    Executable: /Library/Application Support/Avast/hub/userinit.sh
    Details: Exact match found in the whitelist - probably OK

32-bit Applications:
  7 32-bit apps

Kernel Extensions:
  /Library/Application Support/Avast/components/fileshield/signed
    [Loaded]    AvastFileShield.kext (4.0.0 - SDK 10.12)

  /Library/Application Support/Avast/components/proxy/signed
    [Loaded]    AvastPacketForwarder.kext (2.1 - SDK 10.12)

  /Library/Extensions
    [Loaded]    MB_MBAM_Protection.kext (3.2 - SDK 10.13)

System Launch Agents:
  [Not Loaded]  8 Apple tasks
  [Loaded]      166 Apple tasks
  [Running]    118 Apple tasks
  [Other]      One Apple task

System Launch Daemons:
  [Not Loaded]  39 Apple tasks
  [Loaded]      176 Apple tasks
  [Running]    120 Apple tasks

Launch Agents:
  [Loaded]    com.microsoft.update.agent.plist (Microsoft Corporation - installed 2018-04-16)
  [Loaded]    com.avast.userinit.plist (? bb25154c  - installed 2018-03-11)
  [Running]    com.avast.osx.secureline.update-agent.plist (AVAST Software a.s. - installed 2018-03-27)
  [Loaded]    com.avast.osx.secureline.userinit.plist (? 2fc1004f  - installed 2018-03-27)
  [Running]    com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2018-02-26)

Launch Daemons:
  [Running]    com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2018-02-26)
  [Loaded]    com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2018-04-16)
  [Loaded]    com.avast.uninstall.plist (? 22f94791  - installed 2018-03-11)
  [Loaded]    com.avast.init.plist (? fc55b6fa  - installed 2018-03-11)
  [Loaded]    com.avast.osx.secureline.init.plist (? 1bda83b1  - installed 2018-03-27)
  [Running]    com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2018-02-26)
  [Running]    com.avast.osx.secureline.update.plist (? f50a649c  - installed 2018-03-27)
  [Loaded]    com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2016-01-09)
  [Other]      com.avast.update.plist (? 5c6ac355  - installed 2018-03-11)
  [Loaded]    com.avast.osx.secureline.uninstall.plist (? ba7a0061  - installed 2018-03-27)

User Launch Agents:
  [Loaded]    com.google.keystone.agent.plist (Google, Inc. - installed 2018-02-04)
  [Loaded]    com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2018-04-15)
  [Other]      com.avast.home.userinit.plist (? 0  - installed 2017-12-20)
  [Loaded]    com.avast.osx.secureline.home.userinit.plist (? 0  - installed 2018-03-27)

User Login Items:
  Dropbox Programm (Dropbox, Inc.
    (/Applications/Dropbox.app)
  Unified Remote Programm (Unified Intents AB
    (/Applications/Unified Remote.app)
  iTunesHelper Programm (Apple - installed 2018-04-08)
    (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
  6H4HRTU5E3.com.avast.osx.secureline.avastsecurelinehelper SMLoginItem (AVAST Software a.s. - installed 2018-03-21)
    (/Applications/AvastSecureLine.app/Contents/Library/LoginItems/6H4HRTU5E3.com.avast.osx.secureline.avastsecurelinehelper.app)

Internet Plug-ins:
  QuickTime Plugin: 7.7.3 (installed 2018-04-17)

Time Machine:
  Time Machine Not Configured!

Top Processes by CPU:
  Process (count)          Source                  % of CPU
  Google Chrome Helper (7)  Google, Inc.                  46
  kernel_task              Apple                        39
  WindowServer              Apple                        32
  Google Chrome            Google, Inc.                  13
  Microsoft AutoUpdate      Microsoft Corporation        13

Top Processes by Memory:
  Process (count)          Source                RAM usage
  kernel_task              Apple                    592 MB
  Google Chrome Helper (7)  Google, Inc.              267 MB
  helpd                    Apple                    134 MB
  Google Chrome            Google, Inc.              104 MB
  com.avast.daemon          AVAST Software a.s.        68 MB

Top Processes by Network Use:
  Process          Source                Input  Output
  com.avast.proxy  AVAST Software a.s.  253 KB    3 KB
  Dropbox          Dropbox, Inc.          98 KB  84 KB
  mDNSResponder    Apple                  75 KB  50 KB
  apsd            Apple                  10 KB  16 KB
  netbiosd        Apple                  1 KB  708 B

Top Processes by Energy Use:
  Process (count)          Source                    Energy usage (0-100)
  Google Chrome Helper (7)  Google, Inc.              19
  WindowServer              Apple                    12
  Google Chrome            Google, Inc.              7
  Microsoft AutoUpdate      Microsoft Corporation    6
  RTProtectionDaemon        Malwarebytes Corporation  0

Virtual Memory Information:
  Available RAM    1.30 GB
  Free RAM          16 MB
  Used RAM        2.70 GB
  Cached files    1.28 GB
  Swap Used        382 MB

Clean up:
  ~/Library/LaunchAgents/com.avast.home.userinit.plist
    /Users/***/Library/Application Support/Avast/hub/userinit.sh
    Executable not found

Diagnostics Information (past 7 days):
  2018-04-17 09:27:45 CalendarAgent Crash (once)

End of report

Dante12 17.04.2018 20:08
Möglicherweise kommen die Pop-Ups von AvastSecureLine? Das ist ein kostenloser Dienst soweit mir bekannt ist.

Schritt 1
  1. Deinstalliert bitte AvastSecureLine Anleitung
  2. Überprüfe alle Erweiterungen in Google Chrome und entferne unbekannte und nicht mehr benötigte. Wichtig: Wenn du den Google Sync verwendest bitte nicht abschalten sonst wird nach neuer Installation von Chrome der alte Ballast wieder aufgespielt.
  3. Zurücksetzen von Google Chrome. Wichtig: Exportiere deine Lesezeichen auf deinem Desktop wenn nötig.

Schritt 2

Prüfen mit DetectX Swift
  1. Lade dir bitte DetectX Swift herunter.
  2. Öffne das DMG-Archiv, akzeptiere die Lizenzbestimmungen und verschiebe die App in den Programm-Ordner.
  3. Starte DetectX Swift klicke auf OK und anschliessend auf Search. Lösche gefundene Einträge.
  4. Wenn du dir beim löschen nicht sicher bist, dann Frage lieber einmal mehr hier im Forum (mache bitte ein Screenshot wenn nötig).

    http://dante.trojaner-board.de/bilder/detectX-Swift.png
  5. Erstelle bitte ein Log in dem du auf Profile klickst.
  6. Klick auf den Button Share Options.. und anschliessend wähle die Option Sanitized.
  7. Als letztes klicke bitte auf Copy Report to Clipboard
  8. Füge das Log hier in das Forum in Code-Tags ein.

http://dante.trojaner-board.de/bilde...ad-Profile.png


DetextX-Swift History

Berichte bitte ob die Pop-Ups nach diesen Schritten weiterhin vorhanden sind.

LiLciL 18.04.2018 06:55
Hi,

Avast Secure Line war nicht aktiv, aber habe ich jetzt deinstalliert. Wäre es aber nicht ein bisschen Paradox, dass ein AntiVirus Hersteller Malware verbreitet?

Chrome wurde zurückgesetzt, die Lesezeichen mussten nicht gesichert werden.

DetectX hat nichts gefunden:
Code:
Timestamp (3): Mi. Apr. 18 07:50:34 2018
DetectX Swift v1.060

macOS: Version 10.13.4 (Build 17E199)
File System: apfs
Temp: The thermal state is within normal limits.

Boot time: Wed Apr 18 07:38:05 2018
Uptime: up 12 mins, 1 user

Spotlight status for /:
        Indexing enabled.
System Integrity Protection status: enabled.
Gatekeeper status: enabled for App Store and identified developers.
FileVault is On.

Internet:        Reachable


    Hardware Overview:

      Model Name: MacBook Air
      Model Identifier: MacBookAir7,1
      Processor Name: Intel Core i5
      Processor Speed: 1,6 GHz
      Number of Processors: 1
      Total Number of Cores: 2
      L2 Cache (per Core): 256 KB
      L3 Cache: 3 MB
      Memory: 4 GB
      Boot ROM Version: MBA71.0176.B00
      SMC Version (system): 2.26f2



  Sharing Preferences:

        File Sharing:  Off
        Screen Sharing:  Off
        Remote Management:  Off
        Back To My Mac:  Off
        Remote Login:  Off
        Remote Apple Events:  Off


3rd Party Kexts (loaded):

        com.malwarebytes.mbam.rtprotection
        com.avast.FileShield
        com.avast.PacketForwarder


 $PATH:

PATH=/usr/bin:/bin:/usr/sbin:/sbin


/etc/paths:
        /usr/local/bin
        /usr/bin
        /bin
        /usr/sbin
        /sbin

/etc/paths.d/:
        /Library/TeX/texbin
       
       

~/.bash_profile:
       
~/.bashrc:

~/.bash_login:

~/.profile:

~/.bash_logout:


PID        Status        Label
488        0        com.getdropbox.dropbox.7976
-        78        com.avast.home.userinit
-        0        com.avast.userinit
820        0        com.avast.helper
468        0        com.malwarebytes.mbam.frontend.agent
-        0        com.openssh.ssh-agent
-        0        com.microsoft.update.agent
-        0        com.sqwarq.DetectX-Swift.observer
1764        0        com.sqwarq.DetectX-Swift.9508
492        0        com.unified.Unified-Remote.7972
881        0        com.google.Chrome.7988
-        0        com.google.keystone.user.agent
-        0        com.dropbox.DropboxMacUpdate.agent


 System Launchd processes:

0      0        com.avast.account
60      -        com.malwarebytes.mbam.rtprotection.daemon
0      -        com.vix.cron
793      -        com.avast.wifiguard
0      -        org.postfix.master
0      0        com.avast.update
0      -        com.microsoft.office.licensingV2.helper
231      -        com.avast.daemon
0      0        com.microsoft.autoupdate.helper
253      -        org.cups.cupsd
0      -        com.avast.uninstall
0      0        com.avast.init
436      -        com.malwarebytes.mbam.settings.daemon
752      -        com.avast.proxy
723      -        com.avast.service
718      -        com.avast.fileshield



 User Login Items:

 iTunesHelper
 Dropbox




 /Library/LaunchDaemons:

        com.malwarebytes.mbam.settings.daemon.plist
                -> Program: /Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/SettingsDaemon.app/Contents/MacOS/SettingsDaemon
       
        com.malwarebytes.mbam.rtprotection.daemon.plist
                -> Program: /Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/RTProtectionDaemon.app/Contents/MacOS/RTProtectionDaemon
       
        com.avast.update.plist
                --> Program Arguments: /Library/Application Support/Avast/components/update/update.sh
       
        com.avast.init.plist
                --> Program Arguments: /Library/Application Support/Avast/hub/init.sh
       
        com.avast.uninstall.plist
                --> Program Arguments: /Library/Application Support/Avast/hub/autouninstall.sh
       
        com.microsoft.office.licensingV2.helper.plist
                -> Program: /Library/PrivilegedHelperTools/com.microsoft.office.licensingV2.helper
                --> Program Arguments: /Library/PrivilegedHelperTools/com.microsoft.office.licensingV2.helper
       
        com.microsoft.autoupdate.helper.plist
                -> Program: /Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper
       



 /Library/LaunchAgents:

        com.malwarebytes.mbam.frontend.agent.plist
                -> Program: /Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/FrontendAgent.app/Contents/MacOS/FrontendAgent
       
        com.avast.userinit.plist
                -> Program: /Library/Application Support/Avast/hub/userinit.sh
       
        com.microsoft.update.agent.plist
                --> Program Arguments: /Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon
                --> Program Arguments: -checkForUpdates
       



 ~/Library/LaunchAgents:

        com.avast.home.userinit.plist
                --> Program Arguments: /Users/[U501]/Library/Application Support/Avast/hub/userinit.sh
       
        com.google.keystone.agent.plist
                --> Program Arguments: /Users/[U501]/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent
                --> Program Arguments: -runMode
                --> Program Arguments: ifneeded
       
        com.dropbox.DropboxMacUpdate.agent.plist
                --> Program Arguments: /Users/[U501]/Library/Dropbox/DropboxMacUpdate.app/Contents/MacOS/DropboxMacUpdate
                --> Program Arguments: -check
                --> Program Arguments: periodic
       
        com.sqwarq.DetectX-Swift.observer.plist
                --> Program Arguments: /Applications/DetectX Swift.app/Contents/MacOS/DetectX Swift
                --> Program Arguments: -observer
       

 User Crontab:

        No cron jobs



 /etc:

        rc.common
        bashrc_Apple_Terminal
        bashrc
        zshrc
        rc.netboot
        efax.rc~previous
        php.ini.default-previous~orig
        php.ini.default-5.2-previous
        aliases
        zprofile

 / $Root:

        .HFS+ Private Directory Data
 / .. children: 0
        installer.failurerequests
        .file
        .Trashes / .. children: 0
        vm / .. children: 1
        .dbfseventsd

 ~/ $Home:

        Music / .. children: 2
        .CFUserTextEncoding
        Pictures / .. children: 10
        .rnd
        Desktop / .. children: 14
        Library / .. children: 70
        .cups / .. children: 1
        .bash_sessions / .. children: 5
        Public / .. children: 3
        .dropbox / .. children: 11
        Movies / .. children: 1
        Applications / .. children: 2
        Dropbox / .. children: 14
        Dropbox Silvio / .. children: 2
        .Trash / .. children: 40
        Documents / .. children: 15
        Downloads / .. children: 201
        .bash_history



 ~/Library:

        TeXShop / .. children: 16
        PDF Services / .. children: 0
        Google / .. children: 2
        Family / .. children: 1
        Icons / .. children: 3
        Dropbox / .. children: 1
        VirtualDJ / .. children: 13



 ~/Library/Application Support:

        Firefox / .. children: 4
        com.apple.sbd / .. children: 2
        SyncServices / .. children: 1
        Mozilla / .. children: 1
        com.apple.touristd / .. children: 11
        DiskImages / .. children: 1
        Microsoft AU Daemon / .. children: 2
        MobileSync / .. children: 1
        Google / .. children: 2
        Unified Remote / .. children: 15
        Avast / .. children: 1
        CEF / .. children: 1
        org.videolan.vlc / .. children: 1
        com.sqwarq.DetectX-Swift / .. children: 2
        TeX Live Utility / .. children: 1
        AdwareMedic / .. children: 1
        etcher / .. children: 5
        Dropbox / .. children: 3
        Preview / .. children: 0
        Microsoft AutoUpdate / .. children: 2
        com.thesafemac.adwaremedic / .. children: 4



 ~/Library/Safari/Extensions:

        *-- Folder doesn't exist --*



 ~/Library/Internet Plug-Ins:

       



 /Users/Shared:

        adi / .. children: 4
        SC Info / .. children: 1
       



 /Applications:

        VLC.app
        TeX / .. children: 13
        Cinderella2.app
        Avast.app
        Google Chrome.app
        Alarm Clock.app
        Dropbox.app
        Unified Remote.app
        DetectX Swift.app
        AdwareMedic.app
        Microsoft Word.app
        Microsoft Excel.app
        Microsoft Outlook.app
        Malwarebytes.app
        VirtualDJ Home.app
        Microsoft OneNote.app
        Firefox.app
        Microsoft PowerPoint.app
        Slack.app



 /Library:

        DropboxHelperTools / .. children: 3
        TeX / .. children: 5



 /Library/Application Support:

        Avira / .. children: 4
        Microsoft / .. children: 1
        Avast / .. children: 14
        Malwarebytes / .. children: 1



 /Library/Extensions:

        MB_MBAM_Protection.kext



 /Library/Internet Plug-Ins:

        Disabled Plug-Ins / .. children: 2



 /Library/Managed Preferences:

        *-- Folder doesn't exist --*



 /Library/PrivilegedHelperTools:

        com.microsoft.autoupdate.helper
        com.microsoft.office.licensingV2.helper



 /Library/ScriptingAdditions:

       



 /Library/StartupItems:

       



 /Library/Updates:

        ProductMetadata.plist
        index.plist



Top Processes:

%CPU        PID        COMMAND       
9.4                0                kernel_task
8.2                217                WindowServer
6.4                1764                DetectX Swift
6.1                881                Google Chrome
3.6                114                hidd
3.3                1                launchd
1.9                492                Unified Remote
0.8                311                sandboxd
0.3                903                Google Chrome He
0.2                73                powerd


Running Processes:

PPID        PID        %CPU        USER        COMMAND       
0                1                0.8                root                /sbin/launchd
1                57                0.0                root                /usr/sbin/syslogd
1                58                0.0                root                /usr/libexec/UserEventAgent (System)
1                60                0.0                root                /Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/RTProtectionDaemon.app/Contents/MacOS/RTProtectionDaemon
1                63                0.0                root                /System/Library/PrivateFrameworks/Uninstall.framework/Resources/uninstalld
1                64                0.0                root                /usr/libexec/kextd
1                65                0.0                root                /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/FSEvents.framework/Versions/A/Support/fseventsd
1                67                0.0                root                /System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted
1                69                0.0                _appleevents                /System/Library/CoreServices/appleeventsd --server
1                70                0.0                root                /usr/sbin/systemstats --daemon
1                72                0.0                root                /usr/libexec/configd
1                73                0.1                root                /System/Library/CoreServices/powerd.bundle/powerd
1                76                0.4                root                /usr/libexec/logd
1                77                0.0                root                /usr/libexec/keybagd -t 15
1                82                0.0                root                /usr/libexec/warmd
1                83                0.0                root                /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Support/mds
1                84                0.0                _iconservices                /System/Library/CoreServices/iconservicesd
1                85                0.0                root                /System/Library/CoreServices/iconservicesagent
1                86                0.0                root                /usr/libexec/diskarbitrationd
1                89                0.0                root                /System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd-helper -launchd
1                90                0.0                root                /usr/libexec/coreduetd
1                93                0.5                root                /usr/libexec/opendirectoryd
1                94                0.0                root                /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
1                95                0.0                root                /System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbstated
1                96                0.0                root                /System/Library/CoreServices/launchservicesd
1                97                0.0                _timed                /usr/libexec/timed
1                99                0.0                root                /usr/sbin/securityd -i
1                100                0.0                _usbmuxd                /System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources/usbmuxd -launchd
1                102                0.0                _locationd                /usr/libexec/locationd
1                103                0.0                root                autofsd               
1                104                0.0                _displaypolicyd                /usr/libexec/displaypolicyd -k 1
1                105                0.0                root                /usr/libexec/dasd
1                108                0.0                [U501]                /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console
1                109                0.0                root                /System/Library/CoreServices/logind
1                110                0.0                root                /System/Library/PrivateFrameworks/GenerationalStorage.framework/Versions/A/Support/revisiond
1                111                0.0                root                /usr/sbin/KernelEventAgent
1                113                0.0                root                /usr/sbin/bluetoothd
1                114                4.1                _hidd                /usr/libexec/hidd
1                115                0.0                root                /usr/libexec/corebrightnessd --launchd
1                116                0.0                root                /usr/libexec/AirPlayXPCHelper
1                117                0.3                root                /usr/sbin/notifyd
1                118                0.0                _distnote                /usr/sbin/distnoted daemon
1                119                0.0                root                /usr/libexec/amfid
1                120                0.0                root                /usr/sbin/cfprefsd daemon
1                124                0.0                root                /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/authd.xpc/Contents/MacOS/authd
1                125                0.0                root                /System/Library/CoreServices/coreservicesd
1                126                0.0                root                aslmanager               
1                133                0.0                root                /usr/libexec/nehelper
1                143                0.0                root                /usr/libexec/trustd
1                144                0.0                root                /usr/libexec/airportd
1                145                0.0                _coreaudiod                /usr/sbin/coreaudiod
1                146                0.0                root                /System/Library/Frameworks/PCSC.framework/Versions/A/XPCServices/com.apple.ctkpcscd.xpc/Contents/MacOS/com.apple.ctkpcscd
1                148                0.0                _coreaudiod                /System/Library/Frameworks/CoreAudio.framework/Versions/A/XPCServices/com.apple.audio.DriverHelper.xpc/Contents/MacOS/com.apple.audio.DriverHelper
1                149                0.0                root                /usr/sbin/ocspd
1                152                0.0                _ctkd                /System/Library/Frameworks/CryptoTokenKit.framework/ctkd -s
1                180                0.0                root                /usr/libexec/mobileassetd
1                197                0.0                _mdnsresponder                /usr/sbin/mDNSResponder
1                198                0.0                _nsurlsessiond                /usr/libexec/nsurlsessiond --privileged
1                199                0.0                root                /usr/sbin/mDNSResponderHelper
1                200                0.0                root                /usr/libexec/findmydeviced
1                202                0.0                root                /System/Library/PrivateFrameworks/WirelessDiagnostics.framework/Support/awdd
1                203                0.0                _analyticsd                /System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd
1                204                0.0                root                /usr/libexec/lsd runAsRoot
1                217                9.5                _windowserver                /System/Library/PrivateFrameworks/SkyLight.framework/Resources/WindowServer -daemon
1                223                0.0                root                /usr/libexec/apfsd
1                226                0.0                root                /usr/libexec/usbd
1                227                0.0                root                /usr/libexec/powerlogd
1                229                0.0                root                /System/Library/CryptoTokenKit/com.apple.ifdreader.slotd/Contents/MacOS/com.apple.ifdreader
1                231                0.0                root                /Library/Application Support/Avast/components/daemon/com.avast.daemon -n
1                234                0.0                root                /System/Library/PrivateFrameworks/SignpostNotification.framework/Versions/A/XPCServices/signpost_notificationd.xpc/Contents/MacOS/signpost_notificationd
1                236                0.0                root                /usr/libexec/ApplicationFirewall/socketfilterfw
1                237                0.0                root                /usr/libexec/secinitd
1                240                0.0                root                /usr/libexec/sysmond
1                253                0.0                root                /usr/sbin/cupsd -l
70                265                0.0                root                /usr/sbin/systemstats --logger-helper /private/var/db/systemstats
1                268                0.0                root                /System/Library/Frameworks/CoreMediaIO.framework/Versions/A/XPCServices/com.apple.cmio.registerassistantservice.xpc/Contents/MacOS/com.apple.cmio.registerassistantservice
1                269                0.0                _cmiodalassistants                /Library/CoreMediaIO/Plug-Ins/DAL/AppleCamera.plugin/Contents/Resources/AppleCameraAssistant
1                271                0.0                root                /usr/libexec/syspolicyd
1                272                0.0                _networkd                /usr/libexec/symptomsd
1                275                0.0                root                /usr/libexec/watchdogd
1                276                0.0                root                /usr/libexec/thermald
1                278                0.0                root                /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mds_stores
1                282                0.0                root                /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1                283                0.0                _coreaudiod                /System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
1                285                0.0                _nsurlstoraged                /usr/libexec/nsurlstoraged --privileged
1                287                0.0                root                /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMServer
1                288                0.0                root                /usr/libexec/colorsync.displayservices
1                294                0.0                root                /usr/libexec/colorsyncd
1                297                0.0                root                /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/com.apple.CodeSigningHelper.xpc/Contents/MacOS/com.apple.CodeSigningHelper
1                299                0.0                root                /usr/libexec/bootinstalld
1                311                0.0                root                /usr/libexec/sandboxd
1                312                0.0                root                /System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
1                317                0.0                root                /System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp -d
1                321                0.0                root                /System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1                324                0.0                root                /System/Library/Frameworks/GSS.framework/Helpers/GSSCred
1                325                0.0                root                /System/Library/PrivateFrameworks/CoreSymbolication.framework/coresymbolicationd
1                327                0.0                _captiveagent                /usr/libexec/captiveagent
1                329                0.0                root                /System/Library/CoreServices/sharedfilelistd
1                330                0.0                _netbios                /usr/sbin/netbiosd
1                331                0.0                root                /System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
1                332                0.0                root                /usr/libexec/securityd_service
1                334                0.0                [U501]                /usr/sbin/cfprefsd agent
1                335                0.0                [U501]                /usr/libexec/UserEventAgent (Aqua)
1                337                0.0                [U501]                /usr/sbin/distnoted agent
1                338                0.0                [U501]                /usr/sbin/universalaccessd launchd -s
1                339                0.0                [U501]                /System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter -L
1                340                0.0                [U501]                /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock
1                341                0.0                [U501]                /System/Library/CoreServices/talagent
1                342                0.0                [U501]                /System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer
1                343                0.0                [U501]                /usr/libexec/lsd
1                344                0.0                [U501]                /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
1                345                0.0                [U501]                /usr/libexec/trustd --agent
1                346                0.0                [U501]                /usr/libexec/secd
1                348                0.0                [U501]                /System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd
1                351                0.0                [U501]                /System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
1                352                0.0                [U501]                /usr/libexec/pboard
1                354                0.0                [U501]                /System/Library/CoreServices/sharedfilelistd
1                355                0.0                [U501]                /usr/libexec/pkd
1                356                0.0                root                /usr/sbin/spindump
1                357                0.0                root                /System/Library/CoreServices/SubmitDiagInfo server-init
1                359                0.0                [U501]                /System/Library/PrivateFrameworks/TCC.framework/Resources/tccd
1                361                0.0                [U501]                /System/Library/CoreServices/iconservicesagent
1                364                0.0                [U501]                /System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/fontd
1                365                0.0                [U501]                /usr/libexec/nsurlsessiond
1                366                0.0                [U501]                /System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd
1                370                0.0                [U501]                /System/Library/PrivateFrameworks/CalendarAgent.framework/Executables/CalendarAgent
1                371                0.0                [U501]                /usr/libexec/knowledge-agent
1                373                0.0                [U501]                /System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd
1                375                0.0                [U501]                /System/Library/CoreServices/cloudphotosd.app/Contents/MacOS/cloudphotosd
1                376                0.0                [U501]                /usr/libexec/secinitd
1                377                0.0                [U501]                /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
1                379                0.0                root                /usr/sbin/filecoordinationd
1                380                0.0                [U501]                /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
1                381                0.0                [U501]                /System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/XPCServices/com.apple.iCloudHelper.xpc/Contents/MacOS/com.apple.iCloudHelper
1                382                0.0                [U501]                /usr/libexec/siriknowledged
1                383                0.0                [U501]                /usr/libexec/keyboardservicesd
1                384                0.0                [U501]                /usr/libexec/SafariCloudHistoryPushAgent
1                385                0.0                [U501]                /System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
1                386                0.0                [U501]                /System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
1                387                0.0                [U501]                /System/Library/PrivateFrameworks/CallHistory.framework/Support/CallHistorySyncHelper
1                388                0.0                [U501]                /System/Library/PrivateFrameworks/GameCenterFoundation.framework/Versions/A/gamed
1                389                0.0                [U501]                /System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resources/askpermissiond
1                390                0.0                [U501]                /System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariBookmarksSyncAgent
1                391                0.0                [U501]                /usr/libexec/sharingd
1                392                0.0                [U501]                /System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
1                394                0.0                [U501]                /System/Library/PrivateFrameworks/PassKitCore.framework/passd
1                395                0.0                [U501]                /usr/libexec/fmfd
1                396                0.0                [U501]                /System/Library/PrivateFrameworks/CoreCDP.framework/Versions/A/Resources/cdpd
1                397                0.0                [U501]                /usr/sbin/usernoted
1                398                0.0                [U501]                /System/Library/PrivateFrameworks/CalendarNotification.framework/Versions/A/XPCServices/CalNCService.xpc/Contents/MacOS/CalNCService
1                399                0.0                [U501]                /usr/libexec/nsurlstoraged
1                400                0.0                _locationd                /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1                401                0.0                _locationd                /usr/libexec/secinitd
1                402                0.0                [U501]                /System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter
1                403                0.0                root                /usr/sbin/WirelessRadioManagerd
1                404                0.0                [U501]                /System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd
1                405                0.0                [U501]                /System/Library/PrivateFrameworks/IMCore.framework/imagent.app/Contents/MacOS/imagent
1                406                0.0                [U501]                /System/Library/PrivateFrameworks/IMDPersistence.framework/XPCServices/IMDPersistenceAgent.xpc/Contents/MacOS/IMDPersistenceAgent
1                407                0.0                _fpsd                /System/Library/PrivateFrameworks/CoreADI.framework/adid
1                408                0.0                [U501]                /System/Library/PrivateFrameworks/CoreFollowUp.framework/Versions/A/Support/followupd
1                409                0.0                root                /usr/sbin/wirelessproxd
1                411                0.0                [U501]                /usr/libexec/rapportd
1                412                0.0                [U501]                /System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
1                413                0.0                [U501]                /usr/libexec/routined LAUNCHED_BY_LAUNCHD
1                414                0.0                root                /System/Library/CoreServices/CrashReporterSupportHelper server-init
1                415                0.0                root                /usr/sbin/systemsoundserverd
1                416                0.0                _locationd                /usr/sbin/cfprefsd agent
1                417                0.0                root                /System/Library/PrivateFrameworks/TCC.framework/Resources/tccd system
1                418                0.0                _locationd                /usr/libexec/trustd --agent
1                419                0.0                [U501]                /System/Library/PrivateFrameworks/MessagesKit.framework/Resources/soagent.app/Contents/MacOS/soagent
1                420                0.0                [U501]                /System/Library/PrivateFrameworks/UserActivity.framework/Agents/useractivityd
1                421                0.0                [U501]                /System/Library/CoreServices/APFSUserAgent
1                423                0.0                [U501]                /System/Library/CoreServices/WiFiAgent.app/Contents/MacOS/WiFiAgent
1                424                0.0                [U501]                /usr/libexec/networkserviceproxy
1                425                0.0                [U501]                /System/Library/PrivateFrameworks/CommunicationsFilter.framework/CMFSyncAgent.app/Contents/MacOS/CMFSyncAgent
1                426                0.0                [U501]                /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1                427                0.0                [U501]                /System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
1                428                0.0                root                /System/Library/PrivateFrameworks/AmbientDisplay.framework/Versions/A/XPCServices/com.apple.AmbientDisplayAgent.xpc/Contents/MacOS/com.apple.AmbientDisplayAgent
1                429                0.0                [U501]                /System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent
1                432                0.0                _applepay                /usr/libexec/nfcd
1                436                0.0                root                /Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/SettingsDaemon.app/Contents/MacOS/SettingsDaemon
1                437                0.0                [U501]                SafeEjectGPUAgent               
1                440                0.0                [U501]                /System/Library/CoreServices/Menu Extras/SafeEjectGPUExtra.menu/Contents/XPCServices/SafeEjectGPUService.xpc/Contents/MacOS/SafeEjectGPUService
1                441                0.0                [U501]                /System/Library/PrivateFrameworks/ContactsDonation.framework/Versions/A/Support/contactsdonationagent
1                446                0.0                [U501]                /System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent
1                448                0.0                [U501]                /System/Library/CoreServices/Dock.app/Contents/XPCServices/com.apple.dock.extra.xpc/Contents/MacOS/com.apple.dock.extra
1                449                0.0                [U501]                /System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
1                450                0.0                [U501]                /Applications/Dropbox.app/Contents/PlugIns/garcon.appex/Contents/MacOS/garcon
1                451                0.0                [U501]                /System/Library/PrivateFrameworks/ContactsAgent.framework/Executables/ContactsAgent
1                454                0.0                [U501]                /System/Library/PrivateFrameworks/FileProvider.framework/Support/fileproviderd
1                457                0.0                [U501]                /usr/sbin/ckkeyrolld
1                459                0.0                [U501]                /System/Library/CoreServices/SocialPushAgent.app/Contents/MacOS/SocialPushAgent
1                462                0.0                [U501]                /usr/libexec/dmd
1                463                0.0                [U501]                /System/Library/Frameworks/InputMethodKit.framework/Resources/imklaunchagent
1                466                0.0                [U501]                /System/Library/CoreServices/Siri.app/Contents/MacOS/Siri launchd
1                467                0.0                [U501]                /System/Library/Image Capture/Support/icdd
1                468                0.0                [U501]                /Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/FrontendAgent.app/Contents/MacOS/FrontendAgent
1                471                0.0                [U501]                /System/Library/CoreServices/AirPlayUIAgent.app/Contents/MacOS/AirPlayUIAgent --launchd
1                473                0.0                [U501]                /System/Library/CoreServices/cloudpaird
1                474                0.0                [U501]                /System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbagent.app/Contents/MacOS/nbagent
1                475                0.0                [U501]                /System/Library/CoreServices/diagnostics_agent
1                477                0.0                [U501]                /System/Library/CoreServices/backgroundtaskmanagementagent
1                478                0.0                [U501]                /System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp
1                480                0.0                [U501]                /System/Library/PrivateFrameworks/CoreWLANKit.framework/Versions/A/XPCServices/WiFiProxy.xpc/Contents/MacOS/WiFiProxy
1                481                0.0                [U501]                /System/Library/PrivateFrameworks/CoreParsec.framework/parsecd
1                482                0.0                [U501]                /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeaccountd
1                484                0.0                [U501]                /System/Library/PrivateFrameworks/CloudPhotoServices.framework/Versions/A/Frameworks/CloudPhotosConfigurationXPC.framework/Versions/A/XPCServices/com.apple.CloudPhotosConfiguration.xpc/Contents/MacOS/com.apple.CloudPhotosConfiguration
1                486                0.0                [U501]                /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/commerce
1                487                0.0                [U501]                /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app/Contents/MacOS/iTunesHelper
1                488                0.0                [U501]                /Applications/Dropbox.app/Contents/MacOS/Dropbox
1                489                0.0                [U501]                /System/Library/Frameworks/CryptoTokenKit.framework/ctkd -tw
1                491                0.0                [U501]                /Applications/Dropbox.app/Contents/MacOS/Dropbox -type:crashpad-handler --capture-python --no-upload-gzip --no-rate-limit --database=/Users/[U501]/.dropbox/Crashpad --metrics-dir=0 --url=https://d.dropbox.com/report_crashpad_minidump --https-pin=0x23,0xf2,0xed,0xff,0x3e,0xde,0x90,0x25,0x9a,0x9e,0x30,0xf4,0xa,0xf8,0xf9,0x12,0xa5,0xe5,0xb3,0x69,0x4e,0x69,0x38,0x44,0x3,0x41,0xf6,0x6,0xe,0x1,0x4f,0xfa --https-pin=0xaf,0xf9,0x88,0x90,0x6d,0xde,0x12,0x95,0x5d,0x9b,0xeb,0xbf,0x92,0x8f,0xdc,0xc3,0x1c,0xce,0x32,0x8d,0x5b,0x93,0x84,0xf2,0x1c,0x89,0x41,0xca,0x26,0xe2,0x3,0x91 --https-pin=0x5a,0x88,0x96,0x47,0x22,0xe,0x54,0xd6,0xbd,0x8a,0x16,0x81,0x72,0x24,0x52,0xb,0xb5,0xc7,0x8e,0x58,0x98,0x4b,0xd5,0x70,0x50,0x63,0x88,0xb9,0xde,0xf,0x7,0x5f --https-pin=0xfe,0xa2,0xb7,0xd6,0x45,0xfb,0xa7,0x3d,0x75,0x3c,0x1e,0xc9,0xa7,0x87,0xc,0x40,0xe1,0xf7,0xb0,0xc5,0x61,0xe9,0x27,0xb9,0x85,0xbf,0x71,0x18,0x66,0xe3,0x6f,0x22 --https-pin=0x76,0xee,0x85,0x90,0x37,0x4c,0x71,0x54,0x37,0xbb,0xca,0x6b,0xba,0x60,0x28,0xea,0xdd,0xe2,0xdc,0x6d,0xbb,0xb8,0xc3,0xf6,0x10,0xe8,0x51,0xf1,0x1d,0x1a,0xb7,0xf5 --https-pin=0x6d,0xbf,0xae,0x0,0xd3,0x7b,0x9c,0xd7,0x3f,0x8f,0xb4,0x7d,0xe6,0x59,0x17,0xaf,0x0,0xe0,0xdd,0xdf,0x42,0xdb,0xce,0xac,0x20,0xc1,0x7c,0x2,0x75,0xee,0x20,0x95 --https-pin=0x1e,0xa3,0xc5,0xe4,0x3e,0xd6,0x6c,0x2d,0xa2,0x98,0x3a,0x42,0xa4,0xa7,0x9b,0x1e,0x90,0x67,0x86,0xce,0x9f,0x1b,0x58,0x62,0x14,0x19,0xa0,0x4,0x63,0xa8,0x7d,0x38 --https-pin=0x87,0xaf,0x34,0xd6,0x6f,0xb3,0xf2,0xfd,0xf3,0x6e,0x9,0x11,0x1e,0x9a,0xba,0x2f,0x6f,0x44,0xb2,0x7,0xf3,0x86,0x3f,0x3d,0xb,0x54,0xb2,0x50,0x23,0x90,0x9a,0xa5 --https-pin=0xbc,0xfb,0x44,0xaa,0xb9,0xad,0x2,0x10,0x15,0x70,0x6b,0x41,0x21,0xea,0x76,0x1c,0x81,0xc9,0xe8,0x89,0x67,0x59,0xf,0x6f,0x94,0xae,0x74,0x4d,0xc8,0x8b,0x78,0xfb --https-pin=0xab,0x98,0x49,0x52,0x76,0xad,0xf1,0xec,0xaf,0xf2,0x8f,0x35,0xc5,0x30,0x48,0x78,0x1e,0x5c,0x17,0x18,0xda,0xb9,0xc8,0xe6,0x7a,0x50,0x4f,0x4f,0x6a,0x51,0x32,0x8f --https-pin=0x49,0x5,0x46,0x66,0x23,0xab,0x41,0x78,0xbe,0x92,0xac,0x5c,0xbd,0x65,0x84,0xf7,0xa1,0xe1,0x7f,0x27,0x65,0x2d,0x5a,0x85,0xaf,0x89,0x50,0x4e,0xa2,0x39,0xaa,0xaa --https-pin=0x56,0x32,0xd9,0x7b,0xfa,0x77,0x5b,0xf3,0xc9,0x9d,0xde,0xa5,0x2f,0xc2,0x55,0x34,0x10,0x86,0x40,0x16,0x72,0x9c,0x52,0xdd,0x65,0x24,0xc8,0xa9,0xc3,0xb4,0x48,0x9f --https-pin=0x2a,0x8f,0x2d,0x8a,0xf0,0xeb,0x12,0x38,0x98,0xf7,0x4c,0x86,0x6a,0xc3,0xfa,0x66,0x90,0x54,0xe2,0x3c,0x17,0xbc,0x7a,0x95,0xbd,0x2,0x34,0x19,0x2d,0xc6,0x35,0xd0 --https-pin=0x32,0xb6,0x4b,0x66,0x72,0x7a,0x20,0x63,0xe4,0x6,0x6f,0x3b,0x95,0x8c,0xb0,0xaa,0xee,0x57,0x6a,0x5e,0xce,0xfd,0x95,0x33,0x99,0xbb,0x88,0x74,0x73,0x1d,0x95,0x87 --https-pin=0xf5,0x3c,0x22,0x5,0x98,0x17,0xdd,0x96,0xf4,0x0,0x65,0x16,0x39,0xd2,0xf8,0x57,0xe2,0x10,0x70,0xa5,0x9a,0xbe,0xd9,0x7,0x94,0x0,0xd9,0xf6,0x95,0x50,0x69,0x0 --https-pin=0x67,0xdc,0x4f,0x32,0xfa,0x10,0xe7,0xd0,0x1a,0x79,0xa0,0x73,0xaa,0xc,0x9e,0x2,0x12,0xec,0x2f,0xfc,0x3d,0x77,0x9e,0xa,0xa7,0xf9,0xc0,0xf0,0xe1,0xc2,0xc8,0x93 --https-pin=0x19,0x6,0xc6,0x12,0x4d,0xbb,0x43,0x85,0x78,0xd0,0xe,0x6,0x6d,0x50,0x54,0xc6,0xc3,0x7f,0xf,0xa6,0x2,0x8c,0x5,0x54,0x5e,0x9,0x94,0xed,0xda,0xec,0x86,0x29 --https-pin=0x1d,0x75,0xd0,0x83,0x1b,0x9e,0x8,0x85,0x39,0x4d,0x32,0xc7,0xa1,0xbf,0xdb,0x3d,0xbc,0x1c,0x28,0xe2,0xb0,0xe8,0x39,0x1f,0xb1,0x35,0x98,0x1d,0xbc,0x5b,0xa9,0x36 --annotation=buildno=Dropbox-mac-47.4.74 --annotation=client_session_id=f754c8d5-d6e7-46bf-9644-fe99f2130e54 --annotation=host_int_account1_boot=6154485346 --annotation=machine_id=3cff3067-1971-5527-8572-058d10063a78 --annotation=platform=mac --annotation=platform_version=10.13.4 --handshake-fd=4
1                492                0.4                [U501]                /Applications/Unified Remote.app/Contents/MacOS/Unified Remote
488                493                0.0                [U501]                /Applications/Dropbox.app/Contents/MacOS/Dropbox -type:exit-monitor -python-version:2.7.11 -method:collectupload -session-token:f754c8d5-d6e7-46bf-9644-fe99f2130e54 -target-handle:488 -target-shutdown-event:4 -target-command-line:/Applications/Dropbox.app/Contents/MacOS/Dropbox
1                494                0.0                [U501]                /System/Library/PrivateFrameworks/CallHistory.framework/Support/CallHistoryPluginHelper
1                495                0.0                [U501]                /System/Library/Input Methods/PressAndHold.app/Contents/PlugIns/PAH_Extension.appex/Contents/MacOS/PAH_Extension
1                497                0.0                [U501]                /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/corespotlightd
1                498                0.0                [U501]                /usr/libexec/swcd
1                505                0.0                [U501]                /System/Library/CoreServices/NotificationCenter.app/Contents/XPCServices/com.apple.notificationcenterui.WeatherSummary.xpc/Contents/MacOS/com.apple.notificationcenterui.WeatherSummary
1                533                0.0                [U501]                /System/Library/CoreServices/pbs
1                544                0.0                [U501]                /System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
1                546                0.0                [U501]                /System/Library/PrivateFrameworks/CloudDocsDaemon.framework/XPCServices/ContainerMetadataExtractor.xpc/Contents/MacOS/ContainerMetadataExtractor
1                574                0.0                [U501]                /usr/libexec/loginitemregisterd
1                575                0.0                root                /usr/libexec/smd
1                576                0.0                [U501]                /System/Library/PrivateFrameworks/ProtectedCloudStorage.framework/Helpers/ProtectedCloudKeySyncing
1                592                0.0                [U501]                /System/Library/PrivateFrameworks/CacheDelete.framework/deleted
1                594                0.0                [U501]                /usr/libexec/videosubscriptionsd
1                612                0.0                [U501]                /System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdate_notify_agent
1                613                0.0                [U501]                /usr/libexec/spindump_agent
1                614                0.0                root                /usr/libexec/diskmanagementd
1                617                0.0                _softwareupdate                /System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated
1                622                0.0                root                /System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd
1                627                0.0                [U501]                /Applications/Dropbox.app/Contents/XPCServices/DropboxActivityProvider.xpc/Contents/MacOS/DropboxActivityProvider
1                629                0.0                root                /usr/libexec/taskgated -s
1                630                0.0                [U501]                /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storelegacy
1                631                0.0                [U501]                /System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/XPCServices/media-indexer.xpc/Contents/MacOS/media-indexer
488                648                0.0                root                /Library/DropboxHelperTools/Dropbox_u501/dbfseventsd
648                649                0.0                root                /Library/DropboxHelperTools/Dropbox_u501/dbfseventsd
649                650                0.0                [U501]                /Library/DropboxHelperTools/Dropbox_u501/dbfseventsd
1                652                0.0                [U501]                /Applications/Dropbox.app/Contents/XPCServices/DropboxFolderTagger.xpc/Contents/MacOS/DropboxFolderTagger
1                660                0.0                _locationd                /usr/sbin/distnoted agent
1                676                0.0                [U501]                /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeassetd
1                718                0.0                root                /Library/Application Support/Avast/components/fileshield/com.avast.fileshield
1                723                0.0                root                /Library/Application Support/Avast/components/service/com.avast.service
1                752                0.0                root                /Library/Application Support/Avast/components/proxy/com.avast.proxy -n
1                793                0.0                root                /Library/Application Support/Avast/components/wifiguard/com.avast.wifiguard
1                820                0.0                [U501]                /Library/Application Support/Avast/components/helper/com.avast.helper.app/Contents/MacOS/com.avast.helper
1                842                0.0                [U501]                /Library/Frameworks/iTunesLibrary.framework/Versions/A/XPCServices/com.apple.iTunesLibraryService.xpc/Contents/MacOS/com.apple.iTunesLibraryService
253                843                0.0                _lp                KONICA_MINOLTA_magicolor_1650W                121                [U501]                Parkinweis.pdf                9                AP_ColorMatchingMode=AP_ApplicationColorMatching                AP_D_InputSlot=                noBookletBinding..b.                BookletType..n.=0                collate                com.apple.print.DocumentTicket.PMSpoolFormat=application/pdf                com.apple.print.JobInfo.PMApplicationName=Vorschau                com.apple.print.JobInfo.PMJobName=Parkinweis.pdf                com.apple.print.JobInfo.PMJobOwner=Marlen\                Teske                com.apple.print.PageToPaperMappingMediaName=A4                com.apple.print.PageToPaperMappingType..n.=1                com.apple.print.preset.Orientation..n.=1                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.0..n.=0                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.1..n.=0                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.2..n.=818                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.3..n.=571                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.0..n.=-12                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.1..n.=-12                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.2..n.=830                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.3..n.=583                nocom.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMCustomPaper..b.                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMPaperName=iso-a4                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.0..n.=0                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.1..n.=0                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.2..n.=818                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.3..n.=571                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.0..n.=-12                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.1..n.=-12                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.2..n.=830                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.3..n.=583                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.ppd.PMPaperName=A4                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.ticket.type=com.apple.print.PaperInfoTicket                com.apple.print.preset.PaperInfo..d.paperInfo..d.PMPPDPaperCodeName=A4                com.apple.print.preset.PaperInfo..d.paperInfo..d.PMPPDTranslationStringPaperName=DIN\                A4                com.apple.print.preset.PaperInfo..d.paperInfo..d.PMTiogaPaperName=iso-a4                com.apple.print.PrinterInfo.PMColorDeviceID..n.=39221                com.apple.print.PrintSettings.PMColorMatchingMode..n.=0                com.apple.print.PrintSettings.PMColorSpaceModel..n.=2                com.apple.print.PrintSettings.PMCopies..n.=9                com.apple.print.PrintSettings.PMCopyCollate..b.                com.apple.print.PrintSettings.PMDestinationType..n.=1                com.apple.print.PrintSettings.PMFirstPage..n.=1                com.apple.print.PrintSettings.PMLastPage..n.=2147483647                com.apple.print.PrintSettings.PMLayoutColumns..n.=1                com.apple.print.PrintSettings.PMLayoutRows..n.=1                com.apple.print.PrintSettings.PMPageRange..a.0..n.=1                com.apple.print.PrintSettings.PMPageRange..a.1..n.=2147483647                DestinationPrinterID=KONICA_MINOLTA_magicolor_1650W                media=A4                PaperInfoIsSuggested..b.                noPDFIsProtected..b.                pserrorhandler-requested=standard                job-uuid=urn:uuid:04da6b0d-13ff-3f48-7e39-c13c3d59938c                job-originating-host-name=localhost                date-time-at-creation=                date-time-at-processing=                time-at-creation=1521392709                time-at-processing=1524029943                document-name-supplied=Parkinweis.pdf                job-impressions=9                com.apple.print.PrintSettings.PMTotalSidesImaged..n.=9                sides=one-sided                Duplex=None                com.apple.print.PrintSettings.PMTotalBeginPages..n.=1                PageSize=A4                /private/var/spool/cups/d00121-001
253                844                0.0                _lp                KONICA_MINOLTA_magicolor_1650W                121                [U501]                Parkinweis.pdf                9                AP_ColorMatchingMode=AP_ApplicationColorMatching                AP_D_InputSlot=                noBookletBinding..b.                BookletType..n.=0                collate                com.apple.print.DocumentTicket.PMSpoolFormat=application/pdf                com.apple.print.JobInfo.PMApplicationName=Vorschau                com.apple.print.JobInfo.PMJobName=Parkinweis.pdf                com.apple.print.JobInfo.PMJobOwner=Marlen\                Teske                com.apple.print.PageToPaperMappingMediaName=A4                com.apple.print.PageToPaperMappingType..n.=1                com.apple.print.preset.Orientation..n.=1                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.0..n.=0                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.1..n.=0                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.2..n.=818                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.3..n.=571                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.0..n.=-12                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.1..n.=-12                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.2..n.=830                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.3..n.=583                nocom.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMCustomPaper..b.                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMPaperName=iso-a4                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.0..n.=0                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.1..n.=0                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.2..n.=818                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.3..n.=571                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.0..n.=-12                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.1..n.=-12                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.2..n.=830                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.3..n.=583                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.ppd.PMPaperName=A4                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.ticket.type=com.apple.print.PaperInfoTicket                com.apple.print.preset.PaperInfo..d.paperInfo..d.PMPPDPaperCodeName=A4                com.apple.print.preset.PaperInfo..d.paperInfo..d.PMPPDTranslationStringPaperName=DIN\                A4                com.apple.print.preset.PaperInfo..d.paperInfo..d.PMTiogaPaperName=iso-a4                com.apple.print.PrinterInfo.PMColorDeviceID..n.=39221                com.apple.print.PrintSettings.PMColorMatchingMode..n.=0                com.apple.print.PrintSettings.PMColorSpaceModel..n.=2                com.apple.print.PrintSettings.PMCopies..n.=9                com.apple.print.PrintSettings.PMCopyCollate..b.                com.apple.print.PrintSettings.PMDestinationType..n.=1                com.apple.print.PrintSettings.PMFirstPage..n.=1                com.apple.print.PrintSettings.PMLastPage..n.=2147483647                com.apple.print.PrintSettings.PMLayoutColumns..n.=1                com.apple.print.PrintSettings.PMLayoutRows..n.=1                com.apple.print.PrintSettings.PMPageRange..a.0..n.=1                com.apple.print.PrintSettings.PMPageRange..a.1..n.=2147483647                DestinationPrinterID=KONICA_MINOLTA_magicolor_1650W                media=A4                PaperInfoIsSuggested..b.                noPDFIsProtected..b.                pserrorhandler-requested=standard                job-uuid=urn:uuid:04da6b0d-13ff-3f48-7e39-c13c3d59938c                job-originating-host-name=localhost                date-time-at-creation=                date-time-at-processing=                time-at-creation=1521392709                time-at-processing=1524029943                document-name-supplied=Parkinweis.pdf                job-impressions=9                com.apple.print.PrintSettings.PMTotalSidesImaged..n.=9                sides=one-sided                Duplex=None                com.apple.print.PrintSettings.PMTotalBeginPages..n.=1                PageSize=A4               
253                845                0.0                _lp                socket://192.168.000.177/                121                [U501]                Parkinweis.pdf                9                AP_ColorMatchingMode=AP_ApplicationColorMatching                AP_D_InputSlot=                noBookletBinding..b.                BookletType..n.=0                collate                com.apple.print.DocumentTicket.PMSpoolFormat=application/pdf                com.apple.print.JobInfo.PMApplicationName=Vorschau                com.apple.print.JobInfo.PMJobName=Parkinweis.pdf                com.apple.print.JobInfo.PMJobOwner=Marlen\                Teske                com.apple.print.PageToPaperMappingMediaName=A4                com.apple.print.PageToPaperMappingType..n.=1                com.apple.print.preset.Orientation..n.=1                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.0..n.=0                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.1..n.=0                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.2..n.=818                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.3..n.=571                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.0..n.=-12                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.1..n.=-12                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.2..n.=830                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.3..n.=583                nocom.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMCustomPaper..b.                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMPaperName=iso-a4                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.0..n.=0                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.1..n.=0                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.2..n.=818                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.3..n.=571                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.0..n.=-12                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.1..n.=-12                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.2..n.=830                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.3..n.=583                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.ppd.PMPaperName=A4                com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.ticket.type=com.apple.print.PaperInfoTicket                com.apple.print.preset.PaperInfo..d.paperInfo..d.PMPPDPaperCodeName=A4                com.apple.print.preset.PaperInfo..d.paperInfo..d.PMPPDTranslationStringPaperName=DIN\                A4                com.apple.print.preset.PaperInfo..d.paperInfo..d.PMTiogaPaperName=iso-a4                com.apple.print.PrinterInfo.PMColorDeviceID..n.=39221                com.apple.print.PrintSettings.PMColorMatchingMode..n.=0                com.apple.print.PrintSettings.PMColorSpaceModel..n.=2                com.apple.print.PrintSettings.PMCopies..n.=9                com.apple.print.PrintSettings.PMCopyCollate..b.                com.apple.print.PrintSettings.PMDestinationType..n.=1                com.apple.print.PrintSettings.PMFirstPage..n.=1                com.apple.print.PrintSettings.PMLastPage..n.=2147483647                com.apple.print.PrintSettings.PMLayoutColumns..n.=1                com.apple.print.PrintSettings.PMLayoutRows..n.=1                com.apple.print.PrintSettings.PMPageRange..a.0..n.=1                com.apple.print.PrintSettings.PMPageRange..a.1..n.=2147483647                DestinationPrinterID=KONICA_MINOLTA_magicolor_1650W                media=A4                PaperInfoIsSuggested..b.                noPDFIsProtected..b.                pserrorhandler-requested=standard                job-uuid=urn:uuid:04da6b0d-13ff-3f48-7e39-c13c3d59938c                job-originating-host-name=localhost                date-time-at-creation=                date-time-at-processing=                time-at-creation=1521392709                time-at-processing=1524029943                document-name-supplied=Parkinweis.pdf                job-impressions=9                com.apple.print.PrintSettings.PMTotalSidesImaged..n.=9                sides=one-sided                Duplex=None                com.apple.print.PrintSettings.PMTotalBeginPages..n.=1                PageSize=A4               
1                846                0.0                [U501]                /System/Library/PrivateFrameworks/CommerceKit.framework/Resources/LaterAgent.app/Contents/MacOS/LaterAgent
1                847                0.0                [U501]                /System/Library/PrivateFrameworks/QuickLookThumbnailing.framework/Support/com.apple.quicklook.ThumbnailsAgent
1                849                0.0                root                /usr/libexec/dmd
1                850                0.0                [U501]                /System/Library/PrivateFrameworks/PhotoLibraryPrivate.framework/Versions/A/Support/photolibraryd
1                852                0.0                [U501]                /System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistant_service
1                853                0.0                [U501]                /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared
1                854                0.0                [U501]                /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared
1                855                0.0                [U501]                /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared
1                856                0.0                [U501]                /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared
1                857                0.0                [U501]                /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared
1                858                0.0                [U501]                /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
1                859                0.0                [U501]                /System/Library/CoreServices/CoreServicesUIAgent.app/Contents/MacOS/CoreServicesUIAgent
1                862                0.0                _spotlight                /usr/libexec/trustd --agent
1                864                0.0                [U501]                /System/Library/PrivateFrameworks/PhotoLibraryPrivate.framework/Versions/A/Frameworks/PhotoLibraryServices.framework/Versions/A/XPCServices/com.apple.photomoments.xpc/Contents/MacOS/com.apple.photomoments
1                865                0.0                [U501]                /System/Library/CoreServices/ScopedBookmarkAgent
1                866                0.0                [U501]                /System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
1                867                0.0                [U501]                /System/Library/PrivateFrameworks/PhotoLibrary.framework/Versions/A/XPCServices/com.apple.PhotoIngestService.xpc/Contents/MacOS/com.apple.PhotoIngestService
1                868                0.0                [U501]                /System/Library/PrivateFrameworks/AssetCacheServices.framework/Versions/A/XPCServices/AssetCacheLocatorService.xpc/Contents/MacOS/AssetCacheLocatorService -a
1                869                0.0                _assetcache                /usr/libexec/AssetCache/AssetCache
1                870                0.0                [U501]                /Library/Frameworks/iTunesLibrary.framework/Versions/A/XPCServices/com.apple.iTunesLibraryService.xpc/Contents/MacOS/com.apple.iTunesLibraryService
1                873                0.0                _spotlight                /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared
1                874                0.0                _spotlight                /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared
1                875                0.0                _spotlight                /usr/sbin/distnoted agent
1                878                0.0                [U501]                /System/Library/CoreServices/Siri.app/Contents/XPCServices/SiriNCService.xpc/Contents/MacOS/SiriNCService
1                879                0.0                _spotlight                /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared
1                880                0.0                _spotlight                /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared
1                881                8.3                [U501]                /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
1                882                0.0                _gamecontrollerd                /usr/libexec/gamecontrollerd
1                884                0.0                [U501]                /Applications/Google Chrome.app/Contents/Versions/65.0.3325.181/Google Chrome Framework.framework/Helpers/crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/Users/[U501]/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/Users/[U501]/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=65.0.3325.181 --handshake-fd=9
881                886                0.0                [U501]                /Applications/Google Chrome.app/Contents/Versions/65.0.3325.181/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=gpu-process --field-trial-handle=2815163317949699066,4040934811228552914,131072 --gpu-preferences=KAAAAAAAAAAAAQAAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAAOAAAAAbAAAA2AAAAAAAAADgAAAAAAAAAOgAAAAAAAAA8AAAAAAAAAD4AAAAAAAAAAABAAAAAAAACAEAAAAAAAAQAQAAAAAAABgBAAAAAAAAIAEAAAAAAAAoAQAAAAAAADABAAAAAAAAOAEAAAAAAABAAQAAAAAAAEgBAAAAAAAAUAEAAAAAAABYAQAAAAAAAGABAAAAAAAAaAEAAAAAAABwAQAAAAAAAHgBAAAAAAAAgAEAAAAAAACIAQAAAAAAAJABAAAAAAAAmAEAAAAAAACgAQAAAAAAAKgBAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAsAAAAQAAAAAAAAAAAAAAAMAAAAEAAAAAAAAAAAAAAADgAAABAAAAAAAAAAAAAAAA8AAAAQAAAAAAAAAAAAAAARAAAAEAAAAAAAAAAAAAAAEgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAALAAAAEAAAAAAAAAABAAAADAAAABAAAAAAAAAAAQAAAA4AAAAQAAAAAAAAAAEAAAAPAAAAEAAAAAAAAAABAAAAEQAAABAAAAAAAAAAAQAAABIAAAAQAAAAAAAAAAMAAAALAAAAEAAAAAAAAAADAAAADAAAABAAAAAAAAAAAwAAAA4AAAAQAAAAAAAAAAUAAAAFAAAAEAAAAAAAAAAFAAAADgAAABAAAAAAAAAABQAAAA8AAAAQAAAAAAAAAAUAAAARAAAAEAAAAAAAAAAFAAAAEgAAABAAAAAAAAAABgAAAAUAAAAQAAAAAAAAAAYAAAAOAAAAEAAAAAAAAAAGAAAADwAAABAAAAAAAAAABgAAABEAAAAQAAAAAAAAAAYAAAASAAAA --gpu-vendor-id=0x8086 --gpu-device-id=0x1626 --gpu-driver-vendor --gpu-driver-version --gpu-driver-date --gpu-active-vendor-id=0x8086 --gpu-active-device-id=0x1626 --service-request-channel-token=35EBE6D4E550B1BB4C3FE95F38001DD3
1                887                0.0                [U501]                /Applications/Google Chrome.app/Contents/Versions/65.0.3325.181/Google Chrome Framework.framework/Versions/A/XPCServices/AlertNotificationService.xpc/Contents/MacOS/AlertNotificationService
1                895                0.0                [U501]                /System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
881                903                0.2                [U501]                /Applications/Google Chrome.app/Contents/Versions/65.0.3325.181/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=renderer --field-trial-handle=2815163317949699066,4040934811228552914,131072 --service-pipe-token=C855E745FE696534AEE8DEC5EE7D680C --lang=de --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --num-raster-threads=2 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=C855E745FE696534AEE8DEC5EE7D680C --renderer-client-id=14
1                904                0.0                [U501]                /System/Library/Services/AppleSpell.service/Contents/MacOS/AppleSpell
1                1116                0.0                [U501]                /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/Resources/helpd
1                1120                0.0                root                /System/Library/PrivateFrameworks/InstallerDiagnostics.framework/Versions/A/Resources/installerdiagd
1                1121                0.0                root                /usr/libexec/rtcreportingd
1                1125                0.0                [U501]                /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.single
1                1126                0.0                [U501]                /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.single
1                1127                0.0                [U501]                /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.single
1                1163                0.0                [U501]                /System/Library/Frameworks/Metal.framework/Versions/A/XPCServices/MTLCompilerService.xpc/Contents/MacOS/MTLCompilerService
1                1169                0.0                root                /System/Library/Frameworks/Metal.framework/Versions/A/XPCServices/MTLCompilerService.xpc/Contents/MacOS/MTLCompilerService
881                1184                0.0                [U501]                /Applications/Google Chrome.app/Contents/Versions/65.0.3325.181/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=renderer --field-trial-handle=2815163317949699066,4040934811228552914,131072 --service-pipe-token=D2E3F51CFDACD46445BCAF028F1E3325 --lang=de --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --num-raster-threads=2 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=D2E3F51CFDACD46445BCAF028F1E3325 --renderer-client-id=29
881                1185                0.0                [U501]                /Applications/Google Chrome.app/Contents/Versions/65.0.3325.181/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=renderer --field-trial-handle=2815163317949699066,4040934811228552914,131072 --service-pipe-token=D8B6BB786BF048D9F72A1EEC2149E424 --lang=de --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --num-raster-threads=2 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=D8B6BB786BF048D9F72A1EEC2149E424 --renderer-client-id=30
881                1186                0.0                [U501]                /Applications/Google Chrome.app/Contents/Versions/65.0.3325.181/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=renderer --field-trial-handle=2815163317949699066,4040934811228552914,131072 --service-pipe-token=79CDC23EF3DA55C4A6D5ADCC5FC070D5 --lang=de --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --num-raster-threads=2 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=79CDC23EF3DA55C4A6D5ADCC5FC070D5 --renderer-client-id=31
881                1187                0.0                [U501]                /Applications/Google Chrome.app/Contents/Versions/65.0.3325.181/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=renderer --field-trial-handle=2815163317949699066,4040934811228552914,131072 --service-pipe-token=2B208D48072F80158389F15C63FBC15B --lang=de --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --num-raster-threads=2 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=2B208D48072F80158389F15C63FBC15B --renderer-client-id=32
1                1277                0.0                [U501]                /System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
1                1278                0.0                root                /System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd
1                1280                0.0                [U501]                /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 13756C99-FA72-4494-B88C-E98220045D3F -post-exec 4
1                1317                0.0                _spotlight                /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.single
1                1591                0.0                [U501]                /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
1                1592                0.0                root                /System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
1                1593                0.0                root                /System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
1                1594                0.0                root                /usr/bin/sysdiagnose
1                1596                0.0                [U501]                /System/Library/Frameworks/MediaLibrary.framework/Versions/A/XPCServices/com.apple.MediaLibraryService.xpc/Contents/MacOS/com.apple.MediaLibraryService
1                1729                0.0                [U501]                /Applications/Safari.app/Contents/MacOS/Safari
1                1730                0.0                [U501]                /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1                1731                0.0                [U501]                /System/Library/Frameworks/Metal.framework/Versions/A/XPCServices/MTLCompilerService.xpc/Contents/MacOS/MTLCompilerService
1                1732                0.0                [U501]                /System/Library/PrivateFrameworks/SyncedDefaults.framework/Support/syncdefaultsd
1                1734                0.0                [U501]                /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc/Contents/MacOS/com.apple.WebKit.Networking
1                1735                0.0                [U501]                /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
1                1736                0.0                root                /usr/libexec/dprivacyd
1                1738                0.0                [U501]                /System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
1                1761                0.0                [U501]                /System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookSourceSync.app/Contents/MacOS/AddressBookSourceSync
1                1762                0.0                root                /System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd
1                1764                6.9                [U501]                /Applications/DetectX Swift.app/Contents/MacOS/DetectX Swift
1                1890                0.0                [U501]                /System/Library/Frameworks/Metal.framework/Versions/A/XPCServices/MTLCompilerService.xpc/Contents/MacOS/MTLCompilerService

«»EOF»«
Als ich den Rechner vorhin gestartet habe, habe ich nochmal auf die Seiten geachtet. Erst öffnet sich "adstore.club" oder so ähnlich, leider war es nur kurz zu sehen, und danach "myhompage.info" (ja, ohne "e").

wann sich das öffnet ist sehr sporadisch, aber ich melde mich einfach, wenn es nochmal passiert. Vielen Dank soweit! :daumenhoc

mfg

Dante12 18.04.2018 17:13
Zitat:
Wäre es aber nicht ein bisschen Paradox, dass ein AntiVirus Hersteller Malware verbreitet?
Der Artikel unten ist von 2014 aber eine neuere Version macht das alles nicht vertrauenswürdiger...

The Safe Mac » Avast installs adware!

Hast du das Log nach einer Deinstallation von Avast und nach einem Neustart erstellt? Es sieht nicht danach aus als ob es entfernt wurde. Um es komplett zu entfernen musst du den hauseigenen Uninstaller nutzen.

Wenn das Problem weiter besteht, müssen wir zuerst alle Eventualitäten eliminieren, dazu gehört auch Avast.

LiLciL 19.04.2018 18:35
hmm.. das ist allerdings seltsam, denn ich habe Avast auf allen meinen Geräten installiert und sowas ist bis jetzt noch nicht vorgekommen. das hier ist allerdings der erste Mac.

Ich habe das so desinstalliert, wie es in dem Link stand (Avast Secure Line, nicht das ganze Avast)

Es hat sich jetzt wieder diese Seite geöffnet. Also Avast mal deinstallieren? Welches AntiVirus Programm empfiehlst du?

mfg

Dante12 20.04.2018 23:17
Das Proble muss nicht zwingend von deinem Rechner aus gehen, der Auslöser könnte auch über JavaScript auf der besuchten Webseite selbst das Problem darstellen.

Wenn du in Google Chrome Javascript abschaltest, erhältst du weiterhin popups? - Teste das mal bitte - gebe in der Adresszeile von Chrome folgendes ein oder kopiere es dorthin:

Code:
chrome://settings/content/javascript
Deaktiviere JavaScript und teste auf der Problemseite.

Berichte wie es gelaufen ist, in der Zwischenzeit erstelle doch bitte ein neues Log mit EtreCheck.

Frage: Tritt das Problem auch mit anderen Browsern auf?

LiLciL 24.04.2018 21:19
Hi,

habe gar nicht mitbekommen, dass es hier eine neue Antwort gab.

Zitat:
Zitat von Dante12 (Beitrag 1690256)
Deaktiviere JavaScript und teste auf der Problemseite.
Habe ich deaktiviert, aber proaktiv testen kann ich es ja nicht, die Seite(n) öffnet/n sich sporadisch.

Hier der EtreCheck:
Code:
EtreCheck version: 4.2.1 (4C020)
Report generated: 2018-04-24 08:37:06
Download EtreCheck from https://etrecheck.com
Runtime: 5:04
Performance: Below Average

Problem: No problem - just checking

Major Issues:
  Anything that appears on this list needs immediate attention.
  No Time Machine backup - Time Machine backup not found.

Minor Issues:
  These issues do not need immediate attention but they may indicate future problems.
  Clean up - There are orphan files that could be removed.
  Unsigned files - There is unsigned software installed. They appear to be legitimate but should be reviewed.
  Low performance - EtreCheck report took over 5 minutes to run. This is unusual.
  32-bit Apps - This machine has 32-bits apps that may have problems in the future.

Hardware Information:
  MacBook Air (11-inch, Early 2015)
  MacBook Air Model: MacBookAir7,1
  1 1,6 GHz Intel Core i5 (i5-5250U) CPU: 2-core
  4 RAM Not upgradeable
    BANK 0/DIMM0 - 2 GB DDR3 1600  ok
    BANK 1/DIMM0 - 2 GB DDR3 1600  ok
  Battery: Health = Normal - Cycle count = 79

Video Information:
  Intel HD Graphics 6000 - VRAM: 1536 MB
    Color LCD 1366 x 768

Drives:
  disk0 - APPLE SSD SD0128F 121.33 GB (Solid State - TRIM: Yes)
  Internal PCI 5.0 GT/s x2 Serial ATA
    disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
    disk0s2 () 121.12 GB
      disk1s1 - O*********2 (APFS) 121.12 GB (99.62 GB used)
      disk1s2 - Preboot (APFS) [APFS Preboot] 121.12 GB (21 MB used)
      disk1s3 - Recovery (APFS) [Recovery] 121.12 GB (518 MB used)
      disk1s4 - VM (APFS) [APFS VM] 121.12 GB (2.15 GB used)

Mounted Volumes:
  disk1s1 - O*********2 121.12 GB (18.69 GB free)
  APFS
  Mount point: /
  Encrypted

  disk1s4 - VM [APFS VM]  121.12 GB (18.69 GB free)
  APFS
  Mount point: /private/var/vm
 
Network:
  Interface en3: iPhone
  Interface en0: Wi-Fi
    802.11 a/b/g/n/ac
    One IPv4 address
    2 IPv6 addresses
  Interface en2: Bluetooth PAN
  Interface bridge0: Thunderbolt Bridge
  iCloud Quota: 33.57 GB available

System Software:
  macOS High Sierra 10.13.4 (17E199)
  Time since boot: Less than an hour
  System Load: 2.52 (1 min ago) 2.80 (5 min ago) 5.24 (15 min ago)

Security:
  System                      Status
  Gatekeeper                  Mac App Store and identified developers
  System Integrity Protection  Enabled

Unsigned Files:
  Launchd: /Library/LaunchDaemons/com.avast.uninstall.plist
    Executable: /Library/Application Support/Avast/hub/autouninstall.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchAgents/com.avast.userinit.plist
    Executable: /Library/Application Support/Avast/hub/userinit.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchDaemons/com.avast.init.plist
    Executable: /Library/Application Support/Avast/hub/init.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchDaemons/com.avast.update.plist
    Executable: /Library/Application Support/Avast/components/update/update.sh
    Details: Exact match found in the whitelist - probably OK

32-bit Applications:
  6 32-bit apps

Kernel Extensions:
  /Library/Application Support/Avast/components/fileshield/signed
    [Loaded]    AvastFileShield.kext (4.0.0 - SDK 10.12)

  /Library/Application Support/Avast/components/proxy/signed
    [Loaded]    AvastPacketForwarder.kext (2.1 - SDK 10.12)

  /Library/Extensions
    [Loaded]    MB_MBAM_Protection.kext (3.2 - SDK 10.13)

System Launch Agents:
  [Not Loaded]  8 Apple tasks
  [Loaded]      165 Apple tasks
  [Running]    119 Apple tasks
  [Other]      One Apple task

System Launch Daemons:
  [Not Loaded]  37 Apple tasks
  [Loaded]      182 Apple tasks
  [Running]    116 Apple tasks

Launch Agents:
  [Loaded]    com.microsoft.update.agent.plist (Microsoft Corporation - installed 2018-04-16)
  [Loaded]    com.avast.userinit.plist (? bb25154c  - installed 2018-03-11)
  [Running]    com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2018-02-26)

Launch Daemons:
  [Running]    com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2018-02-26)
  [Loaded]    com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2018-04-16)
  [Loaded]    com.avast.uninstall.plist (? 22f94791  - installed 2018-03-11)
  [Loaded]    com.avast.init.plist (? fc55b6fa  - installed 2018-03-11)
  [Other]      com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2018-02-26)
  [Loaded]    com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2016-01-09)
  [Loaded]    com.avast.update.plist (? 5c6ac355  - installed 2018-03-11)

User Launch Agents:
  [Loaded]    com.google.keystone.agent.plist (Google, Inc. - installed 2018-02-04)
  [Loaded]    com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2018-04-15)
  [Other]      com.avast.home.userinit.plist (? 0  - installed 2017-12-20)
  [Loaded]    com.sqwarq.DetectX-Swift.observer.plist (Philip Stokes - installed 2018-04-18)

User Login Items:
  Unified Remote Programm (Unified Intents AB
    (/Applications/Unified Remote.app)
  Dropbox Programm (Dropbox, Inc.
    (/Applications/Dropbox.app)
  iTunesHelper Programm (Apple - installed 2018-04-08)
    (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

Internet Plug-ins:
  QuickTime Plugin: 7.7.3 (installed 2018-04-17)

Time Machine:
  Time Machine Not Configured!

Top Processes by CPU:
  Process (count)          Source          % of CPU
  Google Chrome Helper (8)  Google, Inc.        46
  Google Chrome            Google, Inc.        20
  WindowServer              Apple                19
  kernel_task              Apple                9
  helpd                    Apple                7

Top Processes by Memory:
  Process (count)                  Source          RAM usage
  kernel_task                      Apple              610 MB
  Google Chrome Helper (8)          Google, Inc.      414 MB
  com.apple.WebKit.WebContent (10)  Apple              365 MB
  mdworker (18)                    Apple              241 MB
  Google Chrome                    Google, Inc.      119 MB

Top Processes by Network Use:
  Process          Source                Input  Output
  Dropbox          Dropbox, Inc.        100 KB  251 KB
  mDNSResponder    Apple                  63 KB  38 KB
  netbiosd        Apple                  12 KB    6 KB
  apsd            Apple                  4 KB    4 KB
  com.avast.proxy  AVAST Software a.s.    6 KB    2 KB

Top Processes by Energy Use:
  Process (count)          Source                Energy usage (0-100)
  Google Chrome Helper (8)  Google, Inc.          21
  WindowServer              Apple                  14
  Google Chrome            Google, Inc.          8
  Microsoft Excel          Microsoft Corporation  2
  hidd                      Apple                  1

Virtual Memory Information:
  Available RAM    989 MB
  Free RAM          19 MB
  Used RAM        3.03 GB
  Cached files    971 MB
  Swap Used        202 MB

Clean up:
  ~/Library/LaunchAgents/com.avast.home.userinit.plist
    /Users/***/Library/Application Support/Avast/hub/userinit.sh
    Executable not found

Diagnostics Information (past 7 days):
  2018-04-17 09:27:45 CalendarAgent Crash (once)

End of report
Das Problem tritt nur in Chrome auf.

Ich melde mich wieder, wenn es auftritt (oder ne ganze Weile nicht mehr :) )

MfG

Hey,
die Seite hat sich wieder geöffnet.

MfG

Dante12 25.04.2018 08:09
EDiT

Code:
~/Library/LaunchAgents/com.avast.home.userinit.plist
/Users/***/Library/Application Support/Avast/hub/userinit.sh
  • Bitte erstelle einen Ordner auf deinem Desktop (benenne diesen in Avast-Init).
  • Kopiere oder verschiebe die beiden oben genannten Dateien in diesen Ordner.
  • Rechtsklick auf den Ordner und wähle "Avast-Init komprimieren".
  • Den gepackten Ordner bitte per PN an mich senden.

Starte bitte nochmal EtreCheck um folgende Dateien zu entfernen:

Code:
~/Library/LaunchAgents/com.avast.home.userinit.plist
/Users/***/Library/Application Support/Avast/hub/userinit.sh
Klicke auf Cleanup neben diesen Dateien die werden dann gelöscht.

Starte den Rechner neu.

Teste bitte nochmal. Ich habe nichts relevantes gefunden was zu diesen Pop-Ups führen könnte. Die einzige Komponente ist Avast aber würde mich echt wundern wenn es daran liegt.

Entferne alle Erweiterungen aus Google Chrome und teste bitte. Sollt das Problem hier nicht auftreten, dann installiere die vor dir benötigten Erweiterungen einzeln und teste wiederholt.

Frage: Kannst du mir bitte den Link zu der Seite geben bzw. die Seite die du vorher besuchst hast bevor du weitergeleitet wirst?

LiLciL 26.04.2018 06:49
@cosinus: weil der TE nach 3 Jahren nochmal aufwacht?

Habe dir die Dateien geschickt. Die zweite Datei war nicht in der User Library wie angegeben, sondern nur in der "normalen".

Die Seite ist hxxp://myhompage.info/
Die davor kriege ich so schnell nicht kopiert.

MfG

Habe die Seite davor jetzt doch bekommen, ohne Internet leitet die nämlich nicht weiter: hxxp://adsstore.club/

Heißt: Fehler ist wieder aufgetreten. Ich werde jetzt mal alle Erweiterungen in Chrome deaktivieren.

MfG

Dante12 26.04.2018 10:24
Nutzt du Downloadportale wie z.B. Chip oder Macupdate? Freie Software von diesen Portalen kommt oft mit Adware daher.

Wie ich bereits oben geschrieben habe:

1. Deinstalliere Avast mit den hauseignen Uninstaller komplett
2. Setze Google Chrome zurück und lösche alle Erweiterungen
  • Klicke auf das Google Menü (drei Punkte oben rechts).
  • Klicke auf Einstellungen scrolle nach unten und anschliessend auf Erweitert
  • wieder nach unten Scrollen und Einstellungen zurücksetzen auswählen
  • Abschliessend auf den Button Zurücksetzen.

3. Zusätzlich führe im Terminal folgendes aus.

Code:
sudo profiles list
Als Ergebnis sollte folgendes stehen:

Zitat:
There are no configuration profiles installed in the system domain
Wenn etwas anderes steht bitte kopieren und hier Posten.

4. Erstelle ein Log mit sysDiag

SysDiag
  1. Lade dir bitte das script SysDiag.sh von unseren Server herunter
  2. Entpacken und auf dein Desktop verschieben
  3. Öffne dein Terminal und gebe folgendes ein (kopieren und einfügen) - du benötigst dein Admin-Passwort:
    Code:
    cd ~/Desktop;sh sysDiag.sh
  4. Auf deinem Desktop wird die Datei syslist.txt erstellt und ein Fenster mit dem Inhalt wird geöffnet.
  5. Kopiere das Log und füge es hier ein - wie immer bitte in Code-Tags

LiLciL 01.05.2018 11:12
Hey, gute Nachrichten und in diesem Sinne vielen Dank für deine Hilfe!

Die Erweiterung "AdBlock Plus 1.2" oder so ähnlich (kann man bestimmt noch im Log nachlesen) hat den Fehler verursacht! Hierbei hat es sich wahrscheinlich um eine Fälschung gehandelt, die Erweiterung wurde ohne Logo angezeigt. Ich finde die Erweiterung jetzt auch nicht mehr. Jetzt habe ich das Original installiert mit dem Stoppschild als Logo in dem ABP steht.

Vielen Dank!

Dante12 04.05.2018 13:57
Prima :daumenhoc

Zitat:
Die Erweiterung "AdBlock Plus 1.2" oder so ähnlich (kann man bestimmt noch im Log nachlesen)
Hast du die Erweiterung im Papierkorb noch oder den Link zu der Seite? Ich würde das gern untersuchen.

LiLciL 09.05.2018 10:43
Leider nicht, im Papierkorb sehe ich keine Chrome Erweiterungen und im Erweiterungen Store finde ich es auch nicht mehr.


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:45 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28