The worst-case virus? BadBIOS? Dear users,
In December I came across strange behaviour on my MacBook: unfortunately, every time I connected to the Internet the MacBook became extremely loud and the Internet slow.
Once I had some time, I went through the system and came across several interesting files. I then installed KSI and searched the system; through KSI I first hit on an interesting file, which I found in the Mobile Backup folder. Its name was very similar to the other files, but this file contained search requests for e-charging stations.
After that I came across many more interesting files, which worried me.
EtreCheck Quote:
EtreCheck version: 3.1.5 (343)
Report generated 2017-02-01 19:08:41
Download EtreCheck from https://etrecheck.com
Runtime 1:54
Performance: Excellent
Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.
Problem: No problem - just checking
Hardware Information: ⓘ
MacBook Pro (Retina, 15-inch, Early 2013)
[Technical Specifications] - [User Guide] - [Warranty & Service]
MacBook Pro - model: MacBookPro10,1
1 2,7 GHz Intel Core i7 (i7-3740QM) CPU: 4-core
16 GB RAM Not upgradeable
BANK 0/DIMM0
8 GB DDR3 1600 MHz ok
BANK 1/DIMM0
8 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en0: 802.11 a/b/g/n
Battery: Health = Check Battery - Cycle count = 764
Video Information: ⓘ
Intel HD Graphics 4000
NVIDIA GeForce GT 650M - VRAM: 1024 MB
Color LCD 2880 x 1800
System Software: ⓘ
macOS Sierra 10.12 (16A323) - Time since boot: about 2 hours
Disk Information: ⓘ
APPLE SSD SD512E disk0 : (500,28 GB) (Solid State - TRIM: Yes)
[Show SMART report]
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Work (disk0s4) /Volumes/Work : 199.32 GB (70.18 GB free)
Home (disk1) / [Startup]: 299.59 GB (67.85 GB free)
Core Storage: disk0s2 299.96 GB Online
USB Information: ⓘ
Apple Inc. FaceTime HD Camera (Built-in)
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Thunderbolt Information: ⓘ
Apple Inc. thunderbolt_bus
Configuration files: ⓘ
/etc/hosts - Count: 4
Gatekeeper: ⓘ
Mac App Store and identified developers
Kernel Extensions: ⓘ
/Applications/DiskWarrior.app
[not loaded] com.alsoft.Preview (5.0 - SDK 10.5 - 2014-12-02) [Support]
/Applications/IPSecuritas.app
[loaded] com.lobotomo.IPSecuritasFilter (4.7 - SDK 10.12 - 2016-10-10) [Support]
/Applications/Tunnelblick.app
[not loaded] net.tunnelblick.tap (20141104 (Tunnelblick build 4560) - 2016-05-25) [Support]
[not loaded] net.tunnelblick.tun (20141104 (Tunnelblick build 4560) - 2016-05-25) [Support]
/Applications/VMware Fusion.app
[loaded] com.vmware.kext.vmci (8.0.1 - 2015-09-24) [Support]
[loaded] com.vmware.kext.vmioplug.15.1.6 (8.0.1 - 2015-09-24) [Support]
[loaded] com.vmware.kext.vmnet (8.0.1 - 2015-09-24) [Support]
[loaded] com.vmware.kext.vmx86 (8.0.1 - 2015-09-24) [Support]
[loaded] com.vmware.kext.vsockets (8.0.1 - 2015-09-24) [Support]
/Applications/VMware Horizon Client.app
[not loaded] com.vmware.kext.vmioplug.12.2.4 (12.2.4 - 2014-09-02) [Support]
/Library/Application Support/Checkpoint/Endpoint Connect
[not loaded] com.checkpoint.cpfw (860010002 - SDK 10.6 - 2017-02-01) [Support]
/Library/Application Support/Kaspersky Lab/KAV/Bases/Cache
[loaded] com.kaspersky.kext.kimul.46 (46 - 2017-02-01) [Support]
[loaded] com.kaspersky.kext.mark.1.0.6 (1.0.6 - SDK 10.9 - 2017-02-01) [Support]
/Library/Extensions
[loaded] at.obdev.nke.LittleSnitch (3.7.2 - SDK 10.11 - 2017-02-01) [Support]
[not loaded] com.BlackBerry.driver.USBCDCNCM (1.0.14 - SDK 10.7 - 2017-02-01) [Support]
[loaded] com.kaspersky.kext.klif (3.4.2a30 - 2017-02-01) [Support]
[loaded] com.kaspersky.nke (2.1.0 - 2017-02-01) [Support]
[not loaded] com.paragon-software.kext.VDMounter (36.1 - SDK 10.8 - 2017-02-01) [Support]
[not loaded] com.rim.driver.BlackBerryUSBDriverInt (2.2.16 - SDK 10.7 - 2017-02-01) [Support]
[not loaded] com.rim.driver.BlackBerryVirtualPrivateNetwork (1.0.18 - SDK 10.8 - 2017-02-01) [Support]
/System/Library/Extensions
[not loaded] org.dungeon.driver.SATSMARTDriver (0.9 - SDK 10.7 - 2017-02-01) [Support]
Startup Items: ⓘ
ProTec6b: Path: /Library/StartupItems/ProTec6b
Startup items no longer function in OS X Yosemite or later
System Launch Agents: ⓘ
[not loaded] 7 Apple tasks
[loaded] 166 Apple tasks
[running] 98 Apple tasks
System Launch Daemons: ⓘ
[not loaded] 42 Apple tasks
[loaded] 158 Apple tasks
[running] 104 Apple tasks
Launch Agents: ⓘ
[running] at.obdev.LittleSnitchUIAgent.plist (2017-02-01) [Support]
[not loaded] com.adobe.AAM.Updater-1.0.plist (2015-04-22) [Support]
[running] com.brother.LOGINserver.plist (2015-06-30) [Support]
[loaded] com.checkpoint.eps.gui.plist (2016-09-14)
[loaded] com.checkpoint.eps.upgrader.plist (2014-11-09) [Support]
[running] com.kaspersky.kav.gui.plist (2017-02-01) [Support]
[loaded] com.oracle.java.Java-Updater.plist (2016-02-10) [Support]
[loaded] com.realvnc.vncserver.peruser.plist (2015-04-15) [Support]
[not loaded] com.realvnc.vncserver.prelogin.plist (2015-04-15) [Support]
[running] com.rim.BBLaunchAgent.plist (2016-12-22) [Support]
[running] com.rim.PeerManager.plist (2015-05-26) [Support]
[running] com.rim.blackberrylink.BlackBerry-Link-Helper-Agent.plist (2016-12-22) [Support]
[not loaded] com.teamviewer.teamviewer.plist (2016-11-21) [Support]
[not loaded] com.teamviewer.teamviewer_desktop.plist (2016-11-10) [Support]
Launch Daemons: ⓘ
[running] at.obdev.littlesnitchd.plist (2017-02-01) [Support]
[loaded] com.adobe.SwitchBoard.plist (2015-04-22) [Support]
[running] com.checkpoint.epc.service.plist (2014-11-09) [Support]
[running] com.kaspersky.kav.plist (2016-12-23) [Support]
[running] com.lobotomo.IPSecuritasDaemon.plist (2016-12-19) [Support]
[running] com.macromates.auth_server.plist (2017-02-01) [Support]
[running] com.malwarebytes.HelperTool.plist (2017-02-01) [Support]
[loaded] com.microsoft.autoupdate.helpertool.plist (2016-05-11) [Support]
[loaded] com.microsoft.office.licensing.helper.plist (2011-03-10) [Support]
[loaded] com.microsoft.office.licensingV2.helper.plist (2015-09-11) [Support]
[loaded] com.oracle.java.Helper-Tool.plist (2016-01-30) [Support]
[failed] com.paragon-software.vdmounter.plist (2016-09-14)
[loaded] com.realvnc.vncserver.plist (2015-01-28) [Support]
[running] com.rim.BBDaemon.plist (2015-03-11) [Support]
[not loaded] com.rim.nkehelper.plist (2016-09-14)
[running] com.rim.tunmgr.plist (2015-05-26) [Support]
[loaded] com.teamviewer.Helper.plist (2016-11-10) [Support]
[not loaded] com.teamviewer.teamviewer_service.plist (2016-11-21) [Support]
[loaded] net.tunnelblick.tunnelblick.tunnelblickd.plist (2016-05-03) [Support]
[loaded] org.wireshark.ChmodBPF.plist (2016-12-23) [Support] - /Library/Application Support/Wireshark/ChmodBPF/ChmodBPF: Executable not found!
[loaded] uk.co.canimaansoftware.ClamXavHelper.plist (2017-02-01) [Support]
[loaded] uk.co.canimaansoftware.ClamXavHelperUpdater.plist (2017-02-01) [Support]
User Launch Agents: ⓘ
[loaded] com.adobe.AAM.Updater-1.0.plist (2014-10-15) [Support]
[loaded] com.google.keystone.agent.plist (2017-01-14) [Support]
[running] com.srib.pssddaemon.plist (2015-05-21) [Support]
[loaded] net.tunnelblick.tunnelblick.LaunchAtLogin.plist (2016-05-03) [Support]
[loaded] uk.co.canimaansoftware.clamxav.UninstallWatcher.plist (2017-02-01)
User Login Items: ⓘ
iTunesHelper Application (2017-02-01)
(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
ReconUplinkAgent Application Hidden
(/Applications/Recon Uplink.app/Contents/Resources/ReconUplinkAgent.app)
DiskWarriorDaemonStarter Application
(/Applications/DiskWarrior.app/Contents/Helpers/DiskWarriorStarter.app)
ReibootService Application
(~/.Trash/Malwarebytes Removals/ReiBoot.app/Contents/Resources/ReibootService.app)
com.adobe.SwitchBoard.monitor.plist MachInit
(/etc/mach_init_per_user.d/com.adobe.SwitchBoard.monitor.plist)
Mach Init items are deprecated
Internet Plug-ins: ⓘ
Silverlight: 5.1.40728.0 - SDK 10.6 (2015-09-11) [Support]
AdobePDFViewer: 10.1.1 (2015-04-22) [Support]
QuickTime Plugin: 7.7.3 (2016-09-14)
JavaAppletPlugin: Java 8 Update 73 build 02 (2016-02-10) Check version
SharePointBrowserPlugin: 14.6.4 - SDK 10.6 (2016-05-11) [Support]
3rd Party Preference Panes: ⓘ
Java (2016-02-10) [Support]
Time Machine: ⓘ
Time Machine not configured!
Top Processes by CPU: ⓘ
100% TextEdit
92% clamscan
10% ClamXav
9% WindowServer
3% Google Chrome Helper(18)
Top Processes by Memory: ⓘ
2.14 GB Google Chrome Helper(18)
1.44 GB Adobe Photoshop CS6
1.36 GB kernel_task
918 MB com.apple.WebKit.WebContent(9)
573 MB clamscan
Virtual Memory Information: ⓘ
4.20 GB Available RAM
24 MB Free RAM
11.80 GB Used RAM
4.18 GB Cached files
464 MB Swap Used
Diagnostics Information: ⓘ
Feb 1, 2017, 06:07:58 PM /Library/Logs/DiagnosticReports/ClamXav_2017-02-01-180758_[redacted].cpu_resource.diag [Details]
/Applications/ClamXav.app/Contents/MacOS/ClamXav
Feb 1, 2017, 05:08:54 PM /Library/Logs/DiagnosticReports/TextEdit_2017-02-01-170854_[redacted].cpu_resource.diag [Details]
/Applications/TextEdit.app/Contents/MacOS/TextEdit
Feb 1, 2017, 05:00:37 PM /Library/Logs/DiagnosticReports/Microsoft Excel_2017-02-01-170037_[redacted].cpu_resource.diag [Details]
/Applications/Microsoft Excel.app/Contents/MacOS/Microsoft Excel
Feb 1, 2017, 04:58:55 PM ~/Library/Logs/DiagnosticReports/QuickLookSatellite_2017-02-01-165855_[redacted].crash
/System/Library/Frameworks/QuickLook.framework/Versions/A/Resources/quicklookd.app/Contents/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
Feb 1, 2017, 04:58:05 PM Self test - passed
Feb 1, 2017, 04:48:13 PM /Library/Logs/DiagnosticReports/filezilla_2017-02-01-164813_[redacted].hang
/Applications/FileZilla.app/Contents/MacOS/filezilla
/Users/******/Library/Application Support/MobileSync/Backup/bcc5bfab6357c8c5677ea2a7392f3af698eace57 Quote:
[{"id":"6603","plugs":[{"type":61,"voltage":400,"current":16}],"phone":"+49 8341805455","timestamp":"2014-10-08T10:35:41+02:00","addr_street":"Mauerstettener Strasse ","longitude":10.6354216614,"is_partner":false,"latitude":47.8835904934,"addr_city":"Kaufbeuren","title":"VWEW GmbH ","addr_hnr":"2","addr_street_hnr":"Mauerstettener Strasse 2","prices":{},"opening_hours":"Immer","addr_zip":"87600","email":"","website":"http:\/\/e-tankstellen-finder.com\/at\/de\/elektrotankstellen\/stromtankstelle\/6603","available_fuel_types":["strom"]},
{"id":"465","plugs":[{"type":59,"voltage":230,"current":16}],"phone":"0767 955 9550","timestamp":"2014-10-08T10:35:38+02:00","addr_street":"Loiserstr.","longitude":15.7028107,"is_partner":false,"latitude":48.4373275,"addr_city":"Brunn im Felde","title":"Johannes","addr_hnr":"52a","addr_street_hnr":"Loiserstr. 52a","prices":{},"opening_hours":"Nach telefonischer Vereinbarung","addr_zip":"3494","email":"","website":"http:\/\/e-tankstellen-finder.com\/at\/de\/elektrotankstellen\/stromtankstelle\/465","available_fuel_types":["strom"]},
{"id":"18202","plugs":[{"type":59,"voltage":230,"current":16}],"phone":"","timestamp":"2014-10-15T03:00:16+02:00","addr_street":"Gunnar Randers vei","longitude":11.04749,"is_partner":false,"latitude":59.9744,"addr_city":"KJELLER","title":"HUJ-Nobil","addr_hnr":"24","addr_street_hnr":"Gunnar Randers vei 24","prices":{},"opening_hours":"Immer","addr_zip":"2007","email":"","website":"http:\/\/e-tankstellen-finder.com\/at\/de\/elektrotankstellen\/stromtankstelle\/18202","available_fuel_types":["strom"]},
{"id":"6276","plugs":[{"type":60,"voltage":400,"current":16}],"phone":"+49 3322 232512","timestamp":"2014-10-08T10:35:40+02:00","addr_street":"Friedrich-Engels-Allee","longitude":13.0619337619,"is_partner":false,"latitude":52.575819043,"addr_city":"Falkensee","title":"Guido","addr_hnr":"122","addr_street_hnr":"Friedrich-Engels-Allee 122","prices":{},"opening_hours":"Nach telefonischer Vereinbarung","addr_zip":"14612","email":"","website":"http:\/\/e-tankstellen-finder.com\/at\/de\/elektrotankstellen\/stromtankstelle\/6276","available_fuel_types":["strom"]},
{"id":"18163","plugs":[{"type":59,"voltage":230,"current":16}],"phone":"","timestamp":"2014-10-15T03:00:16+02:00","addr_street":"Kjell Arholmsgate","longitude":5.69735,"is_partner":false,"latitude":58.93806,"addr_city":"STAVANGER","title":"HUJ-Nobil","addr_hnr":"41","addr_street_hnr":"Kjell Arholmsgate 41","prices":{},"opening_hours":"Immer","addr_zip":"4021","email":"","website":"http:\/\/e-tankstellen-finder.com\/at\/de\/elektrotankstellen\/stromtankstelle\/18163","available_fuel_types":["strom"]},
{"id":"17636","plugs":[{"type":59,"voltage":230,"current":16}],"phone":"","timestamp":"2014-10-15T03:00:14+02:00","addr_street":"Dronningveien","longitude":10.32234,"is_partner":false,"latitude":60.04775,"addr_city":"KROKKLEIVA","title":"HUJ-Nobil","addr_hnr":"500","addr_street_hnr":"Dronningveien 500","prices":{},"opening_hours":"Immer","addr_zip":"3531","email":"","website":"http:\/\/e-tankstellen-finder.com\/at\/de\/elektrotankstellen\/stromtankstelle\/17636","available_fuel_types":["strom"]},
{"id":"21203","plugs":[{"type":61,"voltage":400,"current":32}],"phone":"+49 864169950","timestamp":"2015-04-21T03:00:17+02:00","addr_street":"Pettendorf","longitude":12.4610093,"is_partner":false,"latitude":47.7677574,"addr_city":"Marquartstein","title":"Gemeinde Marquartstein","addr_hnr":"11","addr_street_hnr":"Pettendorf 11","prices":{},"opening_hours":"Immer","addr_zip":"83250","email":"","website":"http:\/\/e-tankstellen-finder.com\/at\/de\/elektrotankstellen\/stromtankstelle\/21203","available_fuel_types":["strom"]},
{"id":"466","plugs":[{"type":60,"voltage":400,"current":16}],"phone":"02738\/28 58","timestamp":"2014-10-08T10:35:38+02:00","addr_street":"Schulstraße","longitude":15.8241129,"is_partner":false,"latitude":48.4379551,"addr_city":"Fels am Wagram","title":"Meister Eder ","addr_hnr":"29","addr_street_hnr":"Schulstraße 29","prices":{},"opening_hours":"Nach telefonischer Vereinbarung","addr_zip":"3481","email":"","website":"http:\/\/e-tankstellen-finder.com\/at\/de\/elektrotankstellen\/stromtankstelle\/466","available_fuel_types":["strom"]},
{"id":"14793","plugs":[{"type":60,"voltage":400,"current":32}],"phone":"+49 8144989490","timestamp":"2014-10-08T10:35:42+02:00","addr_street":"Keckweg","longitude":11.1346727006,"is_partner":false,"latitude":48.1186486696,"addr_city":"Kottgeisering","title":" Peter","addr_hnr":"11","addr_street_hnr":"Keckweg 11","prices":{},"opening_hours":"Immer","addr_zip":"82288","email":"","website":"http:\/\/e-tankstellen-finder.com\/at\/de\/elektrotankstellen\/stromtankstelle\/14793","available_fuel_types":["strom"]},
{"id":"17597","plugs":[{"type":59,"voltage":230,"current":16}],"phone":"","timestamp":"2014-10-15T03:00:13+02:00","addr_street":"Gammelseterlia","longitude":7.27731,"is_partner":false,"latitude":62.76882,"addr_city":"MOLDE","title":"HUJ-Nobil","addr_hnr":"12","addr_street_hnr":"Gammelseterlia 12","prices":{},"opening_hours":"Immer","addr_zip":"6422","email":"","website":"http:\/\/e-tankstellen-finder.com\/at\/de\/elektrotankstellen\/stromtankstelle\/17597","available_fuel_types":["strom"]},
{"id":"20637","plugs":[{"type":61,"voltage":400,"current":32}],"phone":"+49 800 2255 793","timestamp":"2014-11-05T03:00:05+01:00","addr_street":"Savignyplatz (Süd) 2","longitude":13.322816,"is_partner":false,"latitude":52.50553,"addr_city":"Berlin","title":"RWE Effizienz GmbH ","addr_hnr":"","addr_street_hnr":"Savignyplatz (Süd) 2 ","prices":{},"opening_hours":"Immer","addr_zip":"10623","email":"","website":"http:\/\/e-tankstellen-finder.com\/at\/de\/elektrotankstellen\/stromtankstelle\/20637","available_fuel_types":["strom"]},
{"id":"21164","plugs":[{"type":68,"voltage":600,"current":200}],"phone":"+43 2848 633610","timestamp":"2015-04-01T03:00:24+02:00","addr_street":"Bundesstraße","longitude":15.261591478,"is_partner":false,"latitude":48.7432132248,"addr_city":"Schwarzenau","title":"ELLA AG","addr_hnr":"16","addr_street_hnr":"Bundesstraße 16","prices":
Other interesting files Quote:
T1:X3_101025_1_8_1_expROM_FW_uni_template_flash0.bin
T1:X3_101025_1_8_1_expROM_FW_uni_template_rmt_cmd_line.txt
T1:X3_101025_1_8_1_expROM_FW_uni_template_flash0.bin
T1:X3_101025_1_8_1_expROM_FW_uni_template_eeprom0.bin
drwxr-xr-x+ 33 ***** staff 1122 21 Dec 15:07 ..
-rw-r--r--@ 1 ***** staff 22532 1 Feb 17:17 .DS_Store
-rw-------@ 1 ***** staff 1028653056 9 Dec 2014 .com.google.Chrome.1b3ywP
-rw-------@ 1 ***** staff 97 23 Jan 2016 .com.google.Chrome.AOodH8
-rw-------@ 1 ***** staff 277257 18 Nov 2015 .com.google.Chrome.Dvl4sQ
-rw-------@ 1 ***** staff 2721168 24 Jan 2016 .com.google.Chrome.L0wo6J
-rw-------@ 1 ***** staff 1787193 16 Apr 2016 .com.google.Chrome.bWIzjW
-rw-------@ 1 ***** staff 12969483 12 May 2015 .com.google.Chrome.jO4dmn
Downloads/.com.google.Chrome.1b3ywP/casper\initrd.lz/initrd/lib/firmware/vxge/X3fw.ncf
Downloads/.com.google.Chrome.1b3ywP/casper\initrd.lz/initrd/lib/firmware/vxge/X3fw.ncf
Since so far no scanner, neither Malwarebytes nor KSI, has found anything, I am asking for your help.
Kind regards
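The JSON quoted above was found under MobileSync/Backup, which is where iTunes keeps iOS device backups. Inside a backup directory every file is stored under the name SHA-1("<domain>-<relativePath>"); from iOS 10 on it sits in a subdirectory named after the first two hex digits of that name and is listed in an SQLite database, Manifest.db (table Files: fileID, domain, relativePath, flags, file). Older backups use Manifest.mbdb instead, which the code below does not parse. The example that follows is added here as an illustration and is not code from the post or from any tool the post names: it resolves a backup file name to the app domain and path it came from, cross-checks the manifest row against the naming scheme, and lists files in the directory that the manifest does not account for. The Manifest.db is constructed in memory; the bundle id com.example.evcharger and the paths in it are assumptions, not values from the post.

```python
"""Resolve file names inside an iOS backup to the app they came from.

Added example, not code from the original post. Relies on two facts about
iOS backups: each file is stored as SHA-1("<domain>-<relativePath>") and,
from iOS 10 on, listed in Manifest.db, table Files(fileID, domain,
relativePath, flags, file). The manifest built here is constructed in
memory with made-up entries (assumption: bundle id com.example.evcharger).
"""
import hashlib
import sqlite3
from collections import Counter

# Files the backup service writes next to the hashed files; they are never
# listed in Manifest.db themselves, so they are not "unlisted" findings.
BACKUP_METADATA = {"Manifest.db", "Manifest.plist", "Info.plist", "Status.plist"}


def backup_file_id(domain: str, relative_path: str) -> str:
    """Name under which the backup service stores <domain>/<relative_path>."""
    return hashlib.sha1(f"{domain}-{relative_path}".encode("utf-8")).hexdigest()


def backup_relative_location(file_id: str) -> str:
    """Where an iOS 10+ backup places the file: <first two hex digits>/<fileID>."""
    return f"{file_id[:2]}/{file_id}"


# Constructed manifest contents (assumption): one app cache, one app
# document, and one well-known system file.
SAMPLE_ENTRIES = [
    ("AppDomain-com.example.evcharger", "Library/Caches/stations.json"),
    ("AppDomain-com.example.evcharger", "Documents/favourites.plist"),
    ("HomeDomain", "Library/SMS/sms.db"),
]


def build_sample_manifest() -> sqlite3.Connection:
    """In-memory Manifest.db with the same Files schema as a real backup."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Files (fileID TEXT PRIMARY KEY, domain TEXT, "
        "relativePath TEXT, flags INTEGER, file BLOB)"
    )
    for domain, path in SAMPLE_ENTRIES:
        conn.execute(
            "INSERT INTO Files VALUES (?, ?, ?, 1, NULL)",
            (backup_file_id(domain, path), domain, path),
        )
    conn.commit()
    return conn


def resolve(conn: sqlite3.Connection, file_id: str):
    """Return (domain, relativePath) for a backup file name, or None if unlisted.

    The manifest row is cross-checked against the naming scheme: a row whose
    domain/path do not hash to its own fileID was not written by the backup
    service under that name and is rejected rather than trusted.
    """
    row = conn.execute(
        "SELECT domain, relativePath FROM Files WHERE fileID = ?", (file_id,)
    ).fetchone()
    if row is None:
        return None
    domain, path = row
    if backup_file_id(domain, path) != file_id:
        raise ValueError(f"manifest entry for {file_id} does not match its own hash")
    return domain, path


def unlisted_files(conn: sqlite3.Connection, names_on_disk) -> list:
    """Names present in the backup directory but absent from Manifest.db.

    Everything the backup service writes is listed, so any other file in
    that directory was placed there by something else and deserves a look.
    """
    listed = {r[0] for r in conn.execute("SELECT fileID FROM Files")}
    return sorted(n for n in names_on_disk if n not in listed and n not in BACKUP_METADATA)


def files_per_domain(conn: sqlite3.Connection) -> Counter:
    """How many backed-up files each domain (i.e. each app) accounts for."""
    return Counter(d for (d,) in conn.execute("SELECT domain FROM Files"))


if __name__ == "__main__":
    db = build_sample_manifest()
    cache_id = backup_file_id("AppDomain-com.example.evcharger", "Library/Caches/stations.json")
    print(backup_relative_location(cache_id), "->", resolve(db, cache_id))
    # Constructed directory listing: the manifest's files plus one stray name.
    on_disk = [backup_file_id(d, p) for d, p in SAMPLE_ENTRIES] + ["deadbeef" * 5, "Manifest.db"]
    print("not in manifest:", unlisted_files(db, on_disk))
    print(files_per_domain(db))
```

To use this against a real backup, open `<UDID>/Manifest.db` with sqlite3 instead of the constructed one and feed `unlisted_files` the file names found under the two-character subdirectories; encrypted backups keep the same Files table, only the file contents are encrypted, so name resolution works unchanged.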