Mac OSX 10.5.8: Gefakte DHL-Mail mit Link geöffnet
Hallo diev,
Ich hab jetzt auf die schnelle ein Script erstellt das du mit dem Script Editor ausführen kannst. Ich kann nicht garantieren ob es läuft. Getestet habe ich es ab Mac OS X 10.9.
1. TextWranger installieren falls nicht vorhanden
Der Standardtexteditor TextEdit hat da seine Probleme mit großen Datenmengen. Deshalb nutze ich für die Ausgabe TextWrangler. Wenn du es noch nicht auf dein System hast kannst du es dir vom AppStore runterladen - es ist kostenlos.
2. Anleitung für die Verwendung des Scripts.
Installiere bitte TextWrangler wie oben beschrieben und starte das Programm.
Kopiere den nachfolgenden Inhalt aus der Code-Box. Dazu klicke auf Alles auswählen und kopiere es mit Command-C.
Code:
ATTFilter
(*
--------------------------------------------------------------------
System Reporter
Testversion
*)
global kHomeFolderPath
set kHomeFolderPath to POSIX path of (path to home folder)
global gOutput
set gOutput to "System Report Log" & return & "Scanned " & (current date)
set osver to system version of (system info) -- Get system version
set gOutput to gOutput & return & "Mac OS X version " & osver
-- Get login items
tell application "System Events"
set loginItems to the name of every login item
end tell
if length of loginItems is 0 then
set loginItemsOutput to "None"
else
set firstItem to true
repeat with oneItem in loginItems
if firstItem then
set loginItemsOutput to oneItem
set firstItem to false
else
set loginItemsOutput to loginItemsOutput & return & oneItem
end if
end repeat
end if
AddToOutput(loginItemsOutput, "Login items")
-- Get sandboxed login items
set theOverrides to GetOutputForShellScript("plutil -p /private/var/db/launchd.db/com.apple.launchd.peruser.501/overrides.plist", "No login items")
AddToOutput(theOverrides, "Sandboxed login items (overrides.plist)")
-- Get contents of specific interesting folders
set thingsToScan to {{"Startup items", "/Library/StartupItems"}, ¬
{"System startup items", "/System/Library/StartupItems"}, ¬
{"User launch agents", "~/Library/LaunchAgents"}, ¬
{"Root launch agents", "/Library/LaunchAgents"}, ¬
{"Root launch daemons", "/Library/LaunchDaemons"}, ¬
{"Safari extensions", "~/Library/Safari/Extensions/"}, ¬
{"Applications", "Applications"}, ¬
{"Preference Panes", "Library/PreferencePanes"}, ¬
{"User Internet Plug-Ins", "~/Library/Internet\\ Plug-Ins"}, ¬
{"Internet Plug-Ins", "/Library/Internet\\ Plug-Ins"}}
repeat with oneThing in thingsToScan
set nameOfThing to item 1 of oneThing
set pathToThing to item 2 of oneThing
try
set contentsOfThing to (do shell script ("ls -Al " & pathToThing))
on error errMsg number errn
if errn = 1 then
set contentsOfThing to "Folder does not exist."
else
set contentsOfThing to "Error " & errn & " : " & errMsg
end if
end try
if contentsOfThing is "" then
set contentsOfThing to "None"
end if
AddToOutput(contentsOfThing, nameOfThing)
end repeat
-- Get Chrome extensions
set chromeExtensions to GetChromeExtensionInfo()
AddToOutput(chromeExtensions, "Chrome extensions")
set chromeExternalExtensions to GetChromeExternalExtensionInfo()
AddToOutput(chromeExternalExtensions, "Chrome external extensions")
-- Get Firefox extensions
set mozillaExtensions to GetFirefoxExtensionInfo(kHomeFolderPath & "Library/Application Support/Mozilla/Extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/")
AddToOutput(mozillaExtensions, "Mozilla extensions")
set firefoxProfileFolder to GetFirefoxDefaultProfileFolder()
if firefoxProfileFolder is not "" then
set firefoxExtensions to GetFirefoxExtensionInfo(firefoxProfileFolder & "extensions/")
else
set firefoxExtensions to "Folder does not exist"
end if
AddToOutput(firefoxExtensions, "Firefox extensions")
-- Get third-party kexts
set kextOutput to (do shell script "kextstat -l | grep -v com.apple | cut -c53-")
if length of kextOutput is 0 then
set kextOutput to "None"
end if
AddToOutput(kextOutput, "Third-party kexts")
-- Get user and root cron tasks
try
set userCronOutput to (do shell script "crontab -l")
on error
set userCronOutput to "No user cron tasks"
end try
try
set rootCronOutput to (do shell script "crontab -l" with administrator privileges)
on error
set rootCronOutput to "No root cron tasks"
end try
set cronOutput to "User tasks:" & return & userCronOutput & return & "Root tasks:" & return & rootCronOutput
AddToOutput(cronOutput, "Cron tasks")
-- Get LoginHook
set theLoginHook to GetOutputForShellScript("defaults read com.apple.loginwindow LoginHook", "No login hooks")
AddToOutput(theLoginHook, "LoginHook")
-- Apps to relaunch at restart
try
set theFolder to POSIX path of (path to home folder) & "/Library/Preferences/ByHost/"
tell application "Finder"
set theItems to name of items of folder (theFolder as POSIX file)
end tell
set foundItem to ""
repeat with oneItem in theItems
if oneItem begins with "com.apple.loginwindow" then
set foundItem to theFolder & oneItem
exit repeat
end if
end repeat
if foundItem = "" then
set plistContents to "Property list not found"
else
set plistContents to (do shell script "plutil -p " & foundItem)
end if
on error errMsg number errn
set plistContents to "Error: " & errMsg & " : " & errn
end try
AddToOutput(plistContents, "Apps to relaunch at restart")
-- Get launchd.conf
set theStartupItems to GetOutputForShellScript("cat /etc/launchd.conf", "No custom settings")
AddToOutput(theStartupItems, "Launchd configuration")
-- Get DNS settings
try
set theDNS to (do shell script "nslookup thesafemac.com | grep Server.*")
on error
set theDNS to "Error getting DNS settings"
end try
AddToOutput(theDNS, "DNS settings")
-- Get hosts file
try
set theHosts to (do shell script "cat /etc/hosts")
on error
set theHosts to "Error getting hosts file contents"
end try
AddToOutput(theHosts, "Hosts file")
-- Done creating output, now what do we do with it?
set dialogResult to display alert "Send or view report?" as informational message "Do you want to send this information via e-mail using the Mail app, or open it in TextWrangler?" buttons {"Send with Mail", "Open in TextWrangler"}
if button returned of dialogResult is "Send with Mail" then
tell application "Mail"
set theNewMessage to make new outgoing message with properties {subject:"My system report", content:gOutput, visible:true}
tell theNewMessage
make new to recipient at end of to recipients with properties {address:"forum-dante@posteo.eu"}
end tell
end tell
else
set textEditName to "TextWrangler"
tell application textEditName
activate
make new document
set text of document 1 to gOutput
end tell
end if
on AddToOutput(outputString, titleString)
set formattedOutput to return & return & titleString & return & "---------------" & return & outputString
set gOutput to gOutput & formattedOutput
end AddToOutput
on GetOutputForShellScript(theScript, err1Message)
try
set scriptOutput to (do shell script theScript)
on error errMsg number errn
if errn = 1 then
set scriptOutput to err1Message
else
set scriptOutput to "Error " & errn & " : " & errMsg
end if
end try
if scriptOutput = "" then
set scriptOutput to err1Message
end if
return scriptOutput
end GetOutputForShellScript
-----------------------------------------------------------------------
-- Gets a path to the folder for the default profile in Firefox
-----------------------------------------------------------------------
on GetFirefoxDefaultProfileFolder()
set firefoxProfileFolder to POSIX path of (path to home folder) & "Library/Application Support/Firefox/Profiles/"
tell application "System Events" to set itemExists to exists disk item firefoxProfileFolder
if not itemExists then
return ""
end if
tell application "Finder"
set allProfiles to name of folders of folder (firefoxProfileFolder as POSIX file)
end tell
repeat with oneFolder in allProfiles
if oneFolder ends with ".default" then
return firefoxProfileFolder & oneFolder & "/"
end if
end repeat
return ""
end GetFirefoxDefaultProfileFolder
-----------------------------------------------------------------------
-- Gets information about installed Chrome extensions
-----------------------------------------------------------------------
on GetChromeExtensionInfo()
return GetInfoForFolderStyleChromeExtension(POSIX path of (path to home folder) & "Library/Application Support/Google/Chrome/Default/Extensions/")
end GetChromeExtensionInfo
-----------------------------------------------------------------------
-- Given a folder, iterates over the folders it contains looking for the "name"
-- field from any json files inside that folder. Returns a formatted list of
-- file names and grep search results.
-----------------------------------------------------------------------
on GetInfoForFolderStyleChromeExtension(inFolder)
-- ignore default Chrome extensions
set ignoreList to {"aohghmighlieiainnegkcijnfilokake", "apdfllckaahabafndbhieahigkjlhalf", "bepbmhgboaologfdajaanbcjmnhjmhfn", "blpcfgokakmgnkcojhhkbfbldkacnbeo", "coobgpohoikkiipiblmjeljniedjpjpf", "nmmhkkegccagdldgiimedpiccmgmieda", "pjkljhegncpnkpknbcohdijeoejaedia"}
tell application "System Events" to set itemExists to exists disk item inFolder
if not itemExists then
return "Folder does not exist"
end if
tell application "Finder"
set allExtensions to name of folders of folder (inFolder as POSIX file)
end tell
if (count of allExtensions) is 0 then
return "None"
end if
set theOutput to ""
repeat with oneExtension in allExtensions
if oneExtension is not in ignoreList then
if theOutput is not "" then
set theOutput to theOutput & return
end if
tell application "System Events" to set theModDate to the modification date of item (inFolder & oneExtension)
set theOutput to theOutput & oneExtension & " : modified " & theModDate & return & " -> "
try
set nameInfo to do shell script ("grep -r '\"name\":[ ]*\"[^\"]*\"' " & quoted form of inFolder & oneExtension & "/")
on error
set nameInfo to "Error getting extension information"
end try
set theOutput to theOutput & nameInfo
end if
end repeat
if theOutput is "" then
return "None"
end if
return theOutput
end GetInfoForFolderStyleChromeExtension
----------------------------------------------------------------------
-- Gets information about installed Chrome external extensions
-----------------------------------------------------------------------
on GetChromeExternalExtensionInfo()
set userExtensionsInfo to GetInfoForFileStyleChromeExtension(POSIX path of (path to home folder) & "/Library/Application Support/Google/Chrome/External Extensions/")
set globalExtensionsInfo to GetInfoForFileStyleChromeExtension("/Library/Application Support/Google/Chrome/External Extensions/")
set theOutput to " +++ For user +++" & return & userExtensionsInfo & return & " +++ Global +++" & return & globalExtensionsInfo
return theOutput
end GetChromeExternalExtensionInfo
-----------------------------------------------------------------------
-- Given a folder, iterates over the files it contains looking for the "name"
-- field from any json files inside that folder. Returns a formatted list of
-- file names and contents.
-----------------------------------------------------------------------
on GetInfoForFileStyleChromeExtension(inFolder)
tell application "System Events" to set itemExists to exists disk item inFolder
if not itemExists then
return "Folder does not exist"
end if
tell application "Finder"
set allExtensions to name of files of folder (inFolder as POSIX file)
end tell
if (count of allExtensions) is 0 then
return "None"
end if
set theOutput to ""
repeat with oneExtension in allExtensions
if theOutput is not "" then
set theOutput to theOutput & return
end if
try
set fileContents to do shell script ("cat " & quoted form of (inFolder & oneExtension))
set theOutput to theOutput & "--- Contents of " & oneExtension & " ---" & return & fileContents & return & "--- End Contents ---"
on error
set theOutput to return & "Error getting extension information"
end try
end repeat
if theOutput is "" then
return "None"
end if
return theOutput
end GetInfoForFileStyleChromeExtension
-----------------------------------------------------------------------
-- Given a Firefox extension folder, outputs a list of the items in the folder,
-- as well as the name found in any install.rdf or manifest.xml files inside.
-- Searching will be done with egrep or zipgrep, and is not limited to those files,
-- though patterns will be used that should only be found in them.
-----------------------------------------------------------------------
on GetFirefoxExtensionInfo(inFolder)
tell application "System Events" to set itemExists to exists disk item inFolder
if not itemExists then
return "Folder does not exist"
end if
tell application "Finder"
set allExtensions to name of items of folder (inFolder as POSIX file)
end tell
if (count of allExtensions) is 0 then
return "None"
end if
set theOutput to ""
repeat with oneExtension in allExtensions
if theOutput is not "" then
set theOutput to theOutput & return
end if
tell application "System Events" to set theModDate to the modification date of item (inFolder & oneExtension)
set theOutput to theOutput & oneExtension & " : modified " & theModDate & return & " -> "
tell application "System Events" to set extensionKind to class of item (inFolder & oneExtension) as string
if extensionKind is "folder" then
try
set nameInfo to do shell script ("egrep -r '(em:name=\"[^\"]*\")|(<ShortName>[^<]*</ShortName>)|(<em:name>[^<]*</em:name>)' " & quoted form of inFolder & oneExtension & "/")
on error
set nameInfo to "Error getting extension information"
end try
else -- if the extension is a file
if oneExtension ends with ".xpi" then
try
set nameInfo to do shell script ("zipgrep '<em:name>[^<]*</em:name>' " & quoted form of inFolder & oneExtension)
on error
set nameInfo to "Error getting extension information"
end try
else
set nameInfo to "Unknown extension file format"
end if
end if
set theOutput to theOutput & nameInfo
end repeat
if theOutput is "" then
return "None"
end if
return theOutput
end GetFirefoxExtensionInfo
Füge das Script mit Command-V in TextWrangler ein.
Speicher es unter den Namen Systemreport.scpt auf dein Desktop. TextWrangler kannst du danach beenden.
Führe bitte nun einen Doppelklick auf die Datei Systemreport.scpt die sich auf dein Desktop befindet. Daraufhin sollte sich der Script Editor mit dem Inhalt öffnen.
Klicke nun oben auf das Dreieck (steht für Ausführen) oder wähle aus dem Menü Script den Befehl Ausführen.
Wenn gefordert gebe dein Passwort ein.
Sollte jetzt alles ohne Probleme laufen, öffnet sich anschließend ein Dialogfenster. Klicke auf den Button Open in TextWrangler.
3. Bearbeitung und Posten
Gehe in TextWrangler auf das Menu Search und wähle dort Find.. aus.
Du siehst nun eine neue Eingabebox. Oben steht Find und darunter Replace.
Suche nach persönlichen Informationen wie z.B deinen Namen oder email-Adressen und mache sie unkenntlich indem du im Eingabefeld Find den gesuchten Text eingibst und im Eingabefeld Replace etwas anderes hineinschreibst z.B. xxxxx.
Klicke dann auf Replace All. Mit Command-Z kannst du Änderungen rückgängig machen.
Ist alles erledigt, kopiere nun den Inhalt mit Command-A und Command-C und füge es anschließend hier in deinem nächsten Post in Code-Tags ein.
Solltest du damit Probleme haben, dann versuche ich noch etwas anderes. Bitte schreib mir gleich ob du seit deinem Vorfall, Änderungen am System wahrgenommen hast. Zum Beispiel Pop-ups oder ähnliches.
Zum Thema Mac OSX 10.5.8: Gefakte DHL-Mail mit Link geöffnet - Hallo diev,
Ich hab jetzt auf die schnelle ein Script erstellt das du mit dem Script Editor ausführen kannst. Ich kann nicht garantieren ob es läuft. Getestet habe ich es - Mac OSX 10.5.8: Gefakte DHL-Mail mit Link geöffnet...
17.03.2015, 17:00
Spende fürs trojaner-board? 
Baum-Darstellung