Google Chrome (auf Mac!) öffnet permanent automatisch Werbung

LiLciL · 17.04.2018, 07:56

Hi,

ich grab den hier mal aus, weil ich genau das selbe Problem habe und der TE nicht mehr geantwortet hat.

edit
Bitte keine fremden Threads kapern. Es hat schon seinen Grund, dass hier jeder Hilfesuchende zu SEINEM PERSÖNLICHEN Problem, ein eigenes Thema aufmachen soll. Deine Beiträge wurden in ein neues Thema ausgelagert....

--
cosinus
/edit

Mein AdwareMedic Log:

Code:

ATTFilter

2018-04-17 08:36:09: ----- Scan Started -----
2018-04-17 08:36:09: Scanning with signatures version 51
2018-04-17 08:36:43: No adware found
2018-04-17 08:36:43: ----- Scan Ended -----

Mein Systemlog:

Code:

ATTFilter

Start time: 08:45:13 04/17/18

Revision: 1174

Model Identifier: MacBookAir7,1
System Version: macOS 10.13.3 (17D47)
Kernel Version: Darwin 17.4.0
System Integrity Protection: Enabled
Time since boot: 24 minutes

FileVault: On

Log

   Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/XPCServices/com.apple.hiservices-xpcservice.xpc/Contents/MacOS/com.apple.hiservices-xpcservice error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
   Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCKeychainSandboxCheck.xpc/Contents/MacOS/XPCKeychainSandboxCheck error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
   Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/IOKit.framework/Versions/A/XPCServices/IOServiceAuthorizeAgent.xpc/Contents/MacOS/IOServiceAuthorizeAgent error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
   Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XPCServices/com.apple.SpeechRecognitionCore.brokerd.xpc/Contents/MacOS/com.apple.SpeechRecognitionCore.brokerd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
   Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCTimeStampingService.xpc, error = 1: Operation not permitted
   Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Failed to bootstrap path: path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XPCServices/com.apple.SpeechRecognitionCore.brokerd.xpc, error = 1: Operation not permitted
   Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Failed to bootstrap path: path = /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/XPCServices/com.apple.hiservices-xpcservice.xpc, error = 1: Operation not permitted
   Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Failed to bootstrap path: path = /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.xpc, error = 1: Operation not permitted
   Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Failed to bootstrap path: path = /System/Library/Frameworks/IOKit.framework/Versions/A/XPCServices/IOServiceAuthorizeAgent.xpc, error = 1: Operation not permitted
   Apr 15 20:58:39 com.apple.xpc.launchd.domain.pid.SecurityAgent.312: Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCKeychainSandboxCheck.xpc, error = 1: Operation not permitted
   Apr 15 20:58:48 com.avast.home.userinit: Service setup event to handle failure and will not launch until it fires.
   Apr 15 21:12:28 com.apple.iTunesHelper.5268: Service exited with abnormal code: 1
   Apr 15 21:12:28 com.apple.Siri.agent: Service exited with abnormal code: 1
   Apr 16 10:33:44 Failed to remove file or directory: name = com.apple.pkg.CoreFP.igFkBn, error = 1: Operation not permitted. Further logging suppressed.
   Apr 16 10:33:44 com.apple.xpc.launchd.domain.system: Could not import service from caller: path = /System/Library/LaunchDaemons/com.apple.platform.ptmd.plist, caller = launchd.1, error = 138: Service cannot be loaded on this hardware
   Apr 16 10:34:02 com.avast.home.userinit: Service setup event to handle failure and will not launch until it fires.
   Apr 16 10:34:09 com.google.keystone.user.agent: Service exited with abnormal code: 1
   Apr 16 10:34:40 com.apple.xpc.launchd.domain.system: Could not read path: path = /Library/LaunchDaemons/com.microsoft.autoupdate.helpertool.plist, error = 2: No such file or directory
   Apr 16 11:25:41 com.apple.iTunesHelper.5268: Service exited with abnormal code: 1
   Apr 16 11:25:41 com.apple.Siri.agent: Service exited with abnormal code: 1
   Apr 17 08:21:47 Failed to remove file or directory: name = com.apple.pkg.CoreFP.igFkBn, error = 1: Operation not permitted. Further logging suppressed.
   Apr 17 08:21:47 com.apple.xpc.launchd.domain.system: Could not import service from caller: path = /System/Library/LaunchDaemons/com.apple.platform.ptmd.plist, caller = launchd.1, error = 138: Service cannot be loaded on this hardware
   Apr 17 08:22:02 com.avast.home.userinit: Service setup event to handle failure and will not launch until it fires.
   Apr 17 08:22:13 com.google.keystone.user.agent: Service exited with abnormal code: 1
   Apr 17 08:40:04 com.apple.xpc.launchd.domain.pid.quicklookd.1620: Path not allowed in target domain: type = pid, path = /Library/Frameworks/iTunesLibrary.framework/Versions/A/XPCServices/com.apple.iTunesLibraryService.xpc error = 147: The specified service did not ship in the requestor's bundle, origin = /System/Library/Frameworks/QuickLook.framework/Versions/A/Resources/quicklookd.app

Bad kernel extensions

   /System/Library/Extensions/AppleOSXUSBNCM.kext

Loaded kernel extensions

   com.avast.FileShield (4.0.0) UUID
   com.avast.PacketForwarder (2.1) UUID

Daemons

   com.avast.account
   com.avast.daemon
   com.avast.fileshield
   com.avast.init
   com.avast.osx.secureline.burger
   com.avast.osx.secureline.init
   com.avast.osx.secureline.racoonrun
   com.avast.osx.secureline.service
   com.avast.osx.secureline.uninstall
   com.avast.osx.secureline.update
   com.avast.proxy
   com.avast.service
   com.avast.uninstall
   com.avast.update
   com.avast.wifiguard
   com.microsoft.autoupdate.helper
   com.microsoft.office.licensingV2.helper
   org.postfix.master

Agents

   6H4HRTU5E3.com.avast.osx.secureline.avastsecurelinehelper
   com.apple.iBooksX.CacheDelete
   com.avast.helper
   com.avast.home.userinit
   -	status: 78
   com.avast.osx.secureline.home.userinit
   com.avast.osx.secureline.update-agent
   com.avast.osx.secureline.userinit
   com.avast.userinit
   com.dropbox.DropboxMacUpdate.agent
   com.google.keystone.user.agent
   -	status: 1
   com.microsoft.update.agent

dylibs

   /Library/Application Support/Avast/components/proxy/certutil/libfreebl3.dylib
   /Library/Application Support/Avast/components/proxy/certutil/libnspr4.dylib
   /Library/Application Support/Avast/components/proxy/certutil/libnss3.dylib
   /Library/Application Support/Avast/components/proxy/certutil/libnssdbm3.dylib
   /Library/Application Support/Avast/components/proxy/certutil/libnssutil3.dylib
   /Library/Application Support/Avast/components/proxy/certutil/libplc4.dylib
   /Library/Application Support/Avast/components/proxy/certutil/libplds4.dylib
   /Library/Application Support/Avast/components/proxy/certutil/libsmime3.dylib
   /Library/Application Support/Avast/components/proxy/certutil/libsoftokn3.dylib
   /Library/Application Support/Avast/components/proxy/certutil/libssl3.dylib
   /Library/Application Support/Avast/lib/libcrypto.1.0.0.dylib
   /Library/Application Support/Avast/lib/libhns.dylib
   /Library/Application Support/Avast/lib/libjsoncpp.1.8.3.dylib
   /Library/Application Support/Avast/lib/libprotobuf-lite.8.dylib
   /Library/Application Support/Avast/lib/libssl.1.0.0.dylib
   /Users/USER/Library/Application Support/Firefox/Profiles/pp09kinh.default/gmp-gmpopenh264/1.5.3/libgmpopenh264.dylib
   /Users/USER/Library/Application Support/Firefox/Profiles/pp09kinh.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.dylib
   /Users/USER/Library/VirtualDJ/Plugins/libmp3lame.dylib

App extensions

   com.getdropbox.dropbox.garcon
   com.microsoft.onenote.mac.shareextension

Contents of /Library/Preferences/SystemConfiguration/com.apple.Boot.plist
   -	mod date: Jul 15 22:38:22 2017
   -	checksum: 1199119104

   <?xml version="1.0" encoding="UTF-8"?>
   <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "hxxp://www.apple.com/DTDs/PropertyList-1.0.dtd">
   <plist version="1.0">
   <dict>
   	<key>Kernel Flags</key>
   	<string></string>
   </dict>
   </plist>

Contents of /Library/Preferences/com.apple.security.appsandbox.plist
   -	mod date: Aug  4 11:26:31 2017
   -	checksum: 2599182411

   <?xml version="1.0" encoding="UTF-8"?>
   <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "hxxp://www.apple.com/DTDs/PropertyList-1.0.dtd">
   <plist version="1.0">
   <dict>
       <key>UnrestrictSpotlightContainerScope</key>
       <true/>
   </dict>
   </plist>

Contents of /etc/hosts
   -	mod date: Feb 25 23:50:13 2016
   -	checksum: 3164423663

   127.0.0.1	localhost
   255.255.255.255	broadcasthost
   ::1             localhost 

Contents of /etc/pam.d/authorization
   -	mod date: Oct  3 03:04:58 2017
   -	checksum: 1288902703

   auth       optional       pam_krb5.so use_first_pass use_kcminit
   auth       optional       pam_ntlm.so use_first_pass
   auth       required       pam_opendirectory.so use_first_pass nullok
   account    required       pam_opendirectory.so

Contents of /etc/pam.d/authorization_aks
   -	mod date: Oct  3 02:59:34 2017
   -	checksum: 841932527

   auth       required       pam_aks.so
   account    required       pam_opendirectory.so

Contents of /etc/pam.d/authorization_ctk
   -	mod date: Oct  3 03:00:59 2017
   -	checksum: 2418984201

   auth       required       pam_smartcard.so 		use_first_pass pkinit
   account    required       pam_opendirectory.so

Contents of /etc/pam.d/authorization_la
   -	mod date: Oct  3 02:59:54 2017
   -	checksum: 2713564393

   auth       required       pam_localauthentication.so
   auth       required       pam_aks.so
   account    required       pam_opendirectory.so

Contents of /etc/pam.d/authorization_lacont
   -	mod date: Oct  3 02:59:54 2017
   -	checksum: 3048101696

   auth       required       pam_localauthentication.so continuityunlock
   auth       required       pam_aks.so
   account    required       pam_opendirectory.so

Contents of /etc/pam.d/checkpw
   -	mod date: Oct  3 02:40:14 2017
   -	checksum: 2672765862

   auth       required       pam_opendirectory.so use_first_pass nullok
   account    required       pam_opendirectory.so no_check_home no_check_shell

Contents of /etc/pam.d/chkpasswd
   -	mod date: Sep 30 03:24:58 2017
   -	checksum: 335781771

   auth       required       pam_opendirectory.so
   account    required       pam_opendirectory.so
   password   required       pam_permit.so
   session    required       pam_permit.so

Contents of /etc/pam.d/cups
   -	mod date: Oct 12 07:51:27 2017
   -	checksum: 2842188894

   auth       required       pam_opendirectory.so
   account    required       pam_permit.so
   password   required       pam_deny.so
   session    required       pam_permit.so

Contents of /etc/pam.d/login
   -	mod date: Sep 30 03:24:31 2017
   -	checksum: 1242678644

   auth       optional       pam_krb5.so use_kcminit
   auth       optional       pam_ntlm.so try_first_pass
   auth       optional       pam_mount.so try_first_pass
   auth       required       pam_opendirectory.so try_first_pass
   account    required       pam_nologin.so
   account    required       pam_opendirectory.so
   password   required       pam_opendirectory.so
   session    required       pam_launchd.so
   session    required       pam_uwtmp.so
   session    optional       pam_mount.so

Contents of /etc/pam.d/login.term
   -	mod date: Sep 30 03:24:31 2017
   -	checksum: 3930746290

   account    required       pam_nologin.so
   account    required       pam_opendirectory.so
   session    required       pam_uwtmp.so

Contents of /etc/pam.d/other
   -	mod date: Jul 15 23:02:50 2017
   -	checksum: 2748091512

   auth       required       pam_deny.so
   account    required       pam_deny.so
   password   required       pam_deny.so
   session    required       pam_deny.so

Contents of /etc/pam.d/passwd
   -	mod date: Sep 30 03:24:20 2017
   -	checksum: 1026516346

   auth       required       pam_permit.so
   account    required       pam_opendirectory.so
   password   required       pam_opendirectory.so
   session    required       pam_permit.so

Contents of /etc/pam.d/screensaver
   -	mod date: Oct  3 03:12:26 2017
   -	checksum: 3141704602

   auth       optional       pam_krb5.so use_first_pass use_kcminit
   auth       required       pam_opendirectory.so use_first_pass nullok
   account    required       pam_opendirectory.so
   account    sufficient     pam_self.so
   account    required       pam_group.so no_warn group=admin,wheel fail_safe
   account    required       pam_group.so no_warn deny group=admin,wheel ruser fail_safe

Contents of /etc/pam.d/screensaver_aks
   -	mod date: Oct  3 02:59:34 2017
   -	checksum: 3209544573

   auth       required       pam_aks.so
   account    required       pam_opendirectory.so
   account    sufficient     pam_self.so
   account    required       pam_group.so no_warn group=admin,wheel fail_safe
   account    required       pam_group.so no_warn deny group=admin,wheel ruser fail_safe

Contents of /etc/pam.d/screensaver_ctk
   -	mod date: Oct  3 03:00:59 2017
   -	checksum: 367670211

   auth       required       pam_smartcard.so			use_first_pass
   account    required       pam_opendirectory.so
   account    sufficient     pam_self.so
   account    required       pam_group.so no_warn group=admin,wheel fail_safe
   account    required       pam_group.so no_warn deny group=admin,wheel ruser fail_safe

Contents of /etc/pam.d/screensaver_la
   -	mod date: Oct  3 02:59:54 2017
   -	checksum: 589164084

   auth       required       pam_localauthentication.so
   auth       required       pam_aks.so
   account    required       pam_opendirectory.so
   account    sufficient     pam_self.so
   account    required       pam_group.so no_warn group=admin,wheel fail_safe
   account    required       pam_group.so no_warn deny group=admin,wheel ruser fail_safe

Contents of /etc/pam.d/smbd
   -	mod date: Jul 16 01:42:11 2017
   -	checksum: 2516643123

   account required	pam_sacl.so sacl_service=smb allow_trustacct
   session required	pam_permit.so

Contents of /etc/pam.d/sshd
   -	mod date: Jul 16 00:02:08 2017
   -	checksum: 2989478361

   auth       optional       pam_krb5.so use_kcminit
   auth       optional       pam_ntlm.so try_first_pass
   auth       optional       pam_mount.so try_first_pass
   auth       required       pam_opendirectory.so try_first_pass
   account    required       pam_nologin.so
   account    required       pam_sacl.so sacl_service=ssh
   account    required       pam_opendirectory.so
   password   required       pam_opendirectory.so
   session    required       pam_launchd.so
   session    optional       pam_mount.so

Contents of /etc/pam.d/su
   -	mod date: Jul 15 23:10:42 2017
   -	checksum: 2045483434

   auth       sufficient     pam_rootok.so 
   auth       required       pam_opendirectory.so
   account    required       pam_group.so no_warn group=admin,wheel ruser root_only fail_safe
   account    required       pam_opendirectory.so no_check_shell
   password   required       pam_opendirectory.so
   session    required       pam_launchd.so

Contents of /etc/pam.d/sudo
   -	mod date: Jul 15 23:04:32 2017
   -	checksum: 1168067210

   auth       sufficient     pam_smartcard.so
   auth       required       pam_opendirectory.so
   account    required       pam_permit.so
   password   required       pam_deny.so
   session    required       pam_permit.so

Contents of /etc/periodic/daily/110.clean-tmps
   -	mod date: Jul 15 23:02:04 2017
   -	checksum: 4099837049

   if [ -r /etc/defaults/periodic.conf ]
   then
       . /etc/defaults/periodic.conf
       source_periodic_confs
   fi
   case "$daily_clean_tmps_enable" in
       [Yy][Ee][Ss])
   	if [ -z "$daily_clean_tmps_days" ]
   	then
   	    echo '$daily_clean_tmps_enable is set but' \
   		'$daily_clean_tmps_days is not'
   	    rc=2
   	else
   	    echo ""
   	    echo "Removing old temporary files:"
   	    set -f noglob
   	    args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"
   	    args="${args} -ctime +$daily_clean_tmps_days"
   	    dargs="-empty -mtime +$daily_clean_tmps_days"
   	    dargs="${dargs} ! -name .vfs_rsrc_streams_*"
   	    [ -n "$daily_clean_tmps_ignore" ] && {
   		args="$args "`echo " ${daily_clean_tmps_ignore% }" |
   		    sed 's/[ 	][ 	]*/ ! -name /g'`
   		dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" |
   		    sed 's/[ 	][ 	]*/ ! -name /g'`

   ...and 21 more line(s)

Contents of /etc/periodic/daily/130.clean-msgs
   -	mod date: Jul 15 23:02:04 2017
   -	checksum: 4292599426

   if [ -r /etc/defaults/periodic.conf ]
   then
       . /etc/defaults/periodic.conf
       source_periodic_confs
   fi
   case "$daily_clean_msgs_enable" in
       [Yy][Ee][Ss])
   	if [ ! -d /var/msgs ]
   	then
   	    echo '$daily_clean_msgs_enable is set but /var/msgs' \
   		"doesn't exist"
   	    rc=2
   	else
   	    echo ""
   	    echo "Cleaning out old system announcements:"
   	    [ -n "$daily_clean_msgs_days" ] &&
   		arg=-${daily_clean_msgs_days#-} || arg=
   	    msgs -c $arg && rc=0 || rc=3
   	fi;;
       *)  rc=0;;
   esac
   exit $rc

Contents of /etc/periodic/daily/140.clean-rwho
   -	mod date: Jul 15 23:02:04 2017
   -	checksum: 659374794

   if [ -r /etc/defaults/periodic.conf ]
   then
       . /etc/defaults/periodic.conf
       source_periodic_confs
   fi
   case "$daily_clean_rwho_enable" in
       [Yy][Ee][Ss])
   	if [ -z "$daily_clean_rwho_days" ]
   	then
   	    echo '$daily_clean_rwho_enable is enabled but' \
   		'$daily_clean_rwho_days is not set'
   	    rc=2
   	elif [ ! -d /var/rwho ]
   	then
   	    echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
   		"doesn't exist"
   	    rc=2
   	else
   	    echo ""
   	    echo "Removing stale files from /var/rwho:"
   	    case "$daily_clean_rwho_verbose" in
   		[Yy][Ee][Ss])
   		    print=-print;;
   		*)
   		    print=;;

   ...and 14 more line(s)

Contents of /etc/periodic/daily/199.clean-fax
   -	mod date: Jul 15 23:02:04 2017
   -	checksum: 1104983357

   if [ -r /etc/defaults/periodic.conf ]
   then
       . /etc/defaults/periodic.conf
       source_periodic_confs
   fi
   if [ -d /var/spool/fax ]; then
       echo ""
       echo "Removing scratch fax files"
       cd /var/spool/fax && \
       find . -type f -name '[0-9]*.[0-9][0-9][0-9]' -mtime +7 -delete >/dev/null 2>&1;
   fi

Contents of /etc/periodic/daily/310.accounting
   -	mod date: Jul 15 23:02:04 2017
   -	checksum: 3208203734

   if [ -r /etc/defaults/periodic.conf ]
   then
       . /etc/defaults/periodic.conf
       source_periodic_confs
   fi
   case "$daily_accounting_enable" in
       [Yy][Ee][Ss])
   	if [ ! -f /var/account/acct ]
   	then
   	    echo '$daily_accounting_enable is set but /var/account/acct' \
   		"doesn't exist"
   	    rc=2
   	elif [ -z "$daily_accounting_save" ]
   	then
   	    echo '$daily_accounting_enable is set but ' \
   		'$daily_accounting_save is not'
   	    rc=2
   	else
   	    echo ""
   	    echo "Rotating accounting logs and gathering statistics:"
   	    cd /var/account
   	    rc=0
   	    n=$daily_accounting_save
   	    rm -f acct.$n.gz acct.$n || rc=3
   	    m=$n

   ...and 18 more line(s)

Contents of /etc/periodic/daily/400.status-disks
   -	mod date: Jul 15 23:02:04 2017
   -	checksum: 1480768650

   if [ -r /etc/defaults/periodic.conf ]
   then
       . /etc/defaults/periodic.conf
       source_periodic_confs
   fi
   case "$daily_status_disks_enable" in
       [Yy][Ee][Ss])
   	echo ""
   	echo "Disk status:"
   	df $daily_status_disks_df_flags && rc=1 || rc=3
   	;;
       *)  rc=0;;
   esac
   exit $rc

Contents of /etc/periodic/daily/420.status-network
   -	mod date: Jul 15 23:02:04 2017
   -	checksum: 2730873650

   if [ -r /etc/defaults/periodic.conf ]
   then
       . /etc/defaults/periodic.conf
       source_periodic_confs
   fi
   case "$daily_status_network_enable" in
       [Yy][Ee][Ss])
   	echo ""
   	echo "Network interface status:"
   	case "$daily_status_network_usedns" in
   	    [Yy][Ee][Ss])
   		netstat -i && rc=0 || rc=3;;
   	    *)
   		netstat -in && rc=0 || rc=3;;
   	esac;;
       *)  rc=0;;
   esac
   exit $rc

Contents of /etc/periodic/daily/430.status-rwho
   -	mod date: Jul 15 23:02:04 2017
   -	checksum: 3455351261

   if [ -r /etc/defaults/periodic.conf ]
   then
       . /etc/defaults/periodic.conf
       source_periodic_confs
   fi
   case "$daily_status_rwho_enable" in
       [Yy][Ee][Ss])
   	rwho=$(echo /var/rwho/*)
           if [ -f "${rwho%% *}" ]
           then
   	    echo ""
   	    echo "Local network system status:"
   	    prog=ruptime
   	else
   	    echo ""
   	    echo "Local system status:"
   	    prog=uptime
   	fi
   	rc=$($prog | tee /dev/stderr | wc -l)
   	if [ $? -eq 0 ]
   	then
   	    [ $rc -gt 1 ] && rc=1
   	else
   	    rc=3
   	fi;;

   ...and 3 more line(s)

Contents of /etc/periodic/daily/999.local
   -	mod date: Jul 15 23:02:04 2017
   -	checksum: 2319755381

   if [ -r /etc/defaults/periodic.conf ]
   then
       . /etc/defaults/periodic.conf
       source_periodic_confs
   fi
   rc=0
   for script in $daily_local
   do
       echo ''
       case "$script" in
   	/*)
   	    if [ -f "$script" ]
   	    then
   		echo "Running $script:"
   		sh $script || rc=3
   	    else
   		echo "$script: No such file"
   		[ $rc -lt 2 ] && rc=2
   	    fi;;
   	*)
   	    echo "$script: Not an absolute path"
   	    [ $rc -lt 2 ] && rc=2;;
       esac
   done
   exit $rc

Contents of /etc/periodic/monthly/199.rotate-fax
   -	mod date: Jul 15 23:02:04 2017
   -	checksum: 3437454680

   if [ -r /etc/defaults/periodic.conf ]
   then
       . /etc/defaults/periodic.conf
       source_periodic_confs
   fi
   echo ""
   printf %s "Rotating fax log files:"
   cd /var/log/fax
   for i in *.log; do
       if [ -f "${i}" ]; then
       echo -n " $i"
       if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi
       if [ -f "${i}.3${gzext}" ]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi
       if [ -f "${i}.2${gzext}" ]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi
       if [ -f "${i}.1${gzext}" ]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi
       if [ -f "${i}.0${gzext}" ]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi
       if [ -f "${i}" ]; then mv -f "${i}" "${i}.0" && if [ -x /usr/bin/gzip ]; then gzip -9 "${i}.0"; fi; fi
       touch "${i}" && chmod 640 "${i}" && chown root:admin "${i}"
       fi
   done
   echo ""

Contents of /etc/periodic/monthly/200.accounting
   -	mod date: Jul 15 23:02:04 2017
   -	checksum: 3541581936

   if [ -r /etc/defaults/periodic.conf ]
   then
       . /etc/defaults/periodic.conf
       source_periodic_confs
   fi
   oldmask=$(umask)
   umask 066
   case "$monthly_accounting_enable" in
       [Yy][Ee][Ss])
   	W=/var/log/wtmp
   	rc=0
   	remove=NO
   	if [ $rc -eq 0 ]
   	then
   	    echo ""
   	    echo "Doing login accounting:"
   	    rc=$(ac -p | sort -nr -k 2 | tee /dev/stderr | wc -l)
   	    [ $rc -gt 0 ] && rc=1
   	fi
   	[ $remove = YES ] && rm -f $W.0;;
       *)  rc=0;;
   esac
   umask $oldmask
   exit $rc

Contents of /etc/periodic/monthly/999.local
   -	mod date: Jul 15 23:02:04 2017
   -	checksum: 2355967272

   if [ -r /etc/defaults/periodic.conf ]
   then
       . /etc/defaults/periodic.conf
       source_periodic_confs
   fi
   rc=0
   for script in $monthly_local
   do
       echo ''
       case "$script" in
   	/*)
   	    if [ -f "$script" ]
   	    then
   		echo "Running $script:"
   		sh $script || rc=3
   	    else
   		echo "$script: No such file"
   		[ $rc -lt 2 ] && rc=2
   	    fi;;
   	*)
   	    echo "$script: Not an absolute path"
   	    [ $rc -lt 2 ] && rc=2;;
       esac
   done
   exit $rc

Contents of /etc/periodic/weekly/320.whatis
   -	mod date: Jul 15 23:02:04 2017
   -	checksum: 922328658

   if [ -r /etc/defaults/periodic.conf ]
   then
       . /etc/defaults/periodic.conf
       source_periodic_confs
   fi
   case "$weekly_whatis_enable" in
       [Yy][Ee][Ss])
   	echo ""
   	echo "Rebuilding whatis database:"
   	MANPATH=`/usr/bin/manpath -q`
   	if [ $? = 0 ]
   	then
   	    if [ -z "${MANPATH}" ]
   	    then
   		echo "manpath failed to find any manpage directories"
   		rc=3
   	    else
   		rc=0
   		/usr/libexec/makewhatis.local "${MANPATH}" || rc=3
   		if [ X"${man_locales}" != X ]
   		then
   		    for i in ${man_locales}
   		    do
   			LC_ALL=$i /usr/libexec/makewhatis.local -a \
   			    -L "${MANPATH}" || rc=3

   ...and 9 more line(s)

Contents of /etc/periodic/weekly/999.local
   -	mod date: Jul 15 23:02:04 2017
   -	checksum: 3078968429

   if [ -r /etc/defaults/periodic.conf ]
   then
       . /etc/defaults/periodic.conf
       source_periodic_confs
   fi
   rc=0
   for script in $weekly_local
   do
       echo ''
       case "$script" in
   	/*)
   	    if [ -f "$script" ]
   	    then
   		echo "Running $script:"
   		sh $script || rc=3
   	    else
   		echo "$script: No such file"
   		[ $rc -lt 2 ] && rc=2
   	    fi;;
   	*)
   	    echo "$script: Not an absolute path"
   	    [ $rc -lt 2 ] && rc=2;;
       esac
   done
   exit $rc

Contents of /etc/pf.conf
   -	mod date: Jul 15 23:55:36 2017
   -	checksum: 2891177609

   scrub-anchor "com.apple/*"
   nat-anchor "com.apple/*"
   rdr-anchor "com.apple/*"
   dummynet-anchor "com.apple/*"
   anchor "com.apple/*"
   load anchor "com.apple" from "/etc/pf.anchors/com.apple"

Contents of /etc/syslog.conf
   -	mod date: Jul 22 04:17:16 2017
   -	checksum: 2399118465

   install.*						@127.0.0.1:32376

Firewall: On

DNS: 160.45.8.8 (static)

User login items

   Unified Remote
   -	/Applications/Unified Remote.app
   Dropbox
   -	/Applications/Dropbox.app
   iTunesHelper
   -	/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

Restricted files: 2501

Lockfiles: 20

Elapsed time (sec): 342

Hoffe ihr könnt helfen, vielen lieben Dank schonmal.

Dante12 · 17.04.2018, 16:01

Mein Name ist Dante12 und ich versuche dir bei deinem Problem zu helfen so gut ich kann. Bitte arbeite so lange mit, bis ich dir mein Ok gebe. Beachte folgende Punkte damit die Arbeit nicht unnötig erschwert wird.

Ruhe bewahren!
Bitte führe keine Installation / Deinstallation durch so lange wir hier an dem Problem arbeiten
Nutze nur die Software die ich dir bei der Bereinigung anbiete - keine zusätzlichen Tools die die Arbeit erschweren würden.
Stelle Fragen bitte sofort damit kurzfristig darauf reagiert werden kann.
Lösche keine Daten selbständig von denen du nicht sicher bist ob diese mit einer Malware zu tun haben.
Geduld! Für gewöhnlich antworte ich kurzfristig auf Anfragen. Jedoch kommt es schon mal vor, dass es etwas länger dauert. Solltest du aber binnen 24 Stunden keine Antwort erhalten, schicke mir bitte eine Nachricht.
Für gewöhnlich solltest du ein neues Thema erstellen. Da dieses Thema schon drei Jahre alt ist und der TE sich nicht gemeldet hat, machen wir ausnahmsweise hier weiter.

Schritt 1

Scan mit Malwarebytes 3 for Mac

Lade dir bitte MalwareBytes 3 for Mac herunter.
Starte das "Install Malwarebytes 3.xx.pkg" um Malwarebytes zu installieren.
Programm starten und klicke auf Scan. Gefundene Malware wird in die Quarantäne verschoben. Rufe die Quarantäne auf und lösche die Eintrage. Mache einen Neustart!
Erstelle ein Log:
Lade dir bitte von Malwarebytes das GetSystemProfile.zip herunter und speichere es auf deinen Desktop.
Entpacken und Ausführen. Gebe dein Admin-Passwort wenn verlangt ein, und speichere anschliessend ForMalwarebytes.txt auf deinem Desktop.
Öffne das Log, kopiere alles und füge es hier in Code-Tags (Lesestoff Code-Tags) ein.

Schritt 2

EtreCheck installieren

Lade dir bitte EtreCheck herunter.
Entpacken und Ausführen.
Klicke auf das Pull-Down Menü und wähle No Problem - Just Checking, anschliessend auf Start Etrecheck
Nach Abschluss erscheint das EtreCheck-Fenster. In der linken Spalte kannst du verschiedene Informationen über deinen Rechner abrufen.
Klicke oben links auf den Button Share Report und anschließend Copy Report.
Akzeptiere die Lizenz-Bedingungen, danach wird das Log in die Zwischenanlage (Clipboard) kopiert.
Füge den Inhalt mit Command-V hier in dein Thema ein. Bitte in Code-Tags siehe Lesestoff.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit COMMAND+A) und kopiere es in die Zwischenablage mit COMMAND+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Cursor zwischen die CODE-Tags und drücke COMMAND+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

LiLciL · 17.04.2018, 18:51

Hi und vielen Dank, dass du dir die Zeit nimmst.

Malwarebytes hat nichts gefunden.

System:

Code:

ATTFilter

Malwarebytes System Profile
Scanned Dienstag, 17. April 2018 um 19:39:36
Malwarebytes version 3.2.36.1163
Mac OS X version 10.13.4

Safari extensions
---------------
Folder does not exist.

Chrome extensions
---------------
pkedcjkdefgpdelpbcmbmeomcjbeemfm : modified Sonntag, 18. März 2018 um 17:21:02
	-> Chrome Media Router
bkkbcggnhapdmkeljlodobbkopceiche : modified Samstag, 10. Februar 2018 um 13:49:05
	-> bkkbcggnhapdmkeljlodobbkopceiche
pjkljhegncpnkpknbcohdijeoejaedia : modified Montag, 7. März 2016 um 13:49:45
	-> Gmail
apdfllckaahabafndbhieahigkjlhalf : modified Montag, 7. März 2016 um 13:49:45
	-> Google Drive
fdfblflkjmmbcdofkedlllkfkadghbpo : modified Sonntag, 30. Juli 2017 um 00:03:33
	-> ?d?I??k ?Iu?
lmjnegcaeklhafolokijcfjliaokphfk : modified Sonntag, 22. Oktober 2017 um 12:42:55
	-> Video DownloadHelper
nmmhkkegccagdldgiimedpiccmgmieda : modified Montag, 16. April 2018 um 10:35:11
	-> nmmhkkegccagdldgiimedpiccmgmieda
bodncoafpihbhpfljcaofnebjkaiaiga : modified Donnerstag, 1. Februar 2018 um 15:55:32
	-> appear.in screen sharing
blpcfgokakmgnkcojhhkbfbldkacnbeo : modified Montag, 7. März 2016 um 13:49:45
	-> YouTube
gomekmidlodglbbmalcneegieacbdmki : modified Sonntag, 18. März 2018 um 17:21:02
	-> Avast Online Security

Chrome external extensions
---------------
   +++ For user +++
--- Contents of gomekmidlodglbbmalcneegieacbdmki.json : modified Donnerstag, 23. November 2017 um 09:07:04 ---
{ "external_update_url": "https://clients2.google.com/service/update2/crx" }
--- End Contents ---
   +++ Global +++
Folder does not exist

Mozilla extensions
---------------
Folder does not exist

Firefox extensions
---------------
wrc@avast.com.xpi : modified Donnerstag, 23. November 2017 um 09:07:04
	-> Error getting extension information

Login items
---------------
Dropbox
Unified Remote
iTunesHelper

Sandboxed login items (overrides.plist)
---------------
No login items

Startup items
---------------
None

System startup items
---------------
None

User launch agents
---------------
total 32
-rw-r--r--  1 Lene  staff  481 Dec 20 19:15 com.avast.home.userinit.plist
-rw-r--r--  1 Lene  staff  542 Mar 27 11:11 com.avast.osx.secureline.home.userinit.plist
-rw-r--r--  1 Lene  staff  684 Apr 15 21:04 com.dropbox.DropboxMacUpdate.agent.plist
-rw-r--r--@ 1 Lene  staff  801 Jul 12  2016 com.google.keystone.agent.plist

System launch agents
---------------
total 40
-rw-r--r--  1 root  wheel  733 Mar 27 11:11 com.avast.osx.secureline.update-agent.plist
-rw-r--r--  1 root  wheel  461 Mar 27 11:11 com.avast.osx.secureline.userinit.plist
-rw-r--r--  1 root  wheel  436 Mar 11 09:13 com.avast.userinit.plist
-rw-r--r--  1 root  wheel  651 Feb 26 16:06 com.malwarebytes.mbam.frontend.agent.plist
-rw-r--r--  1 root  wheel  338 Apr 16 10:34 com.microsoft.update.agent.plist

System launch daemons
---------------
total 80
-rw-r--r--  1 root  wheel  571 Mar 11 09:13 com.avast.init.plist
-rw-r--r--  1 root  wheel  596 Mar 27 11:11 com.avast.osx.secureline.init.plist
-rw-r--r--  1 root  wheel  720 Mar 27 11:11 com.avast.osx.secureline.uninstall.plist
-rw-r--r--  1 root  wheel  720 Mar 27 11:11 com.avast.osx.secureline.update.plist
-rw-r--r--  1 root  wheel  685 Mar 11 09:13 com.avast.uninstall.plist
-rw-r--r--  1 root  wheel  695 Mar 11 09:13 com.avast.update.plist
-rw-r--r--  1 root  wheel  786 Feb 26 16:06 com.malwarebytes.mbam.rtprotection.daemon.plist
-rw-r--r--  1 root  wheel  562 Feb 26 16:06 com.malwarebytes.mbam.settings.daemon.plist
-rw-r--r--  1 root  wheel  267 Apr 16 10:34 com.microsoft.autoupdate.helper.plist
-rw-r--r--  1 root  wheel  657 Jan  9  2016 com.microsoft.office.licensingV2.helper.plist

Third-party kexts
---------------
com.avast.FileShield (4.0.0) B45B9A8D-AA3B-3EB1-9ED0-8D43D5D851A5 <5 4 1>
com.avast.PacketForwarder (2.1) 344201BF-FF1A-3869-92F7-EA3B4B9BE230 <4 1>
com.malwarebytes.mbam.rtprotection (3.2.36) 197B3B52-FE0A-386A-BC14-5F28B2F4E8F1 <5 4 3 1>

DNS settings
---------------
Server:		2a02:8109:8f80:286c:5e35:3bff:fe94:3db0

Hosts file
---------------
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1	localhost
255.255.255.255	broadcasthost
::1             localhost 

Cron tasks
---------------
User tasks:
No user cron tasks
Root tasks:
No root cron tasks

LoginHook
---------------
No login hooks

Apps to re-launch at restart
---------------
{
  "TALAppsToRelaunchAtLogin" => [
    0 => {
      "BackgroundState" => 2
      "BundleID" => "com.apple.finder"
      "Hide" => 0
      "Path" => "/System/Library/CoreServices/Finder.app"
    }
    1 => {
      "BackgroundState" => 2
      "BundleID" => "com.google.chrome"
      "Hide" => 0
      "Path" => "/Applications/Google Chrome.app"
    }
    2 => {
      "BackgroundState" => 2
      "BundleID" => "com.microsoft.autoupdate2"
      "Hide" => 0
      "Path" => "/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app"
    }
    3 => {
      "BackgroundState" => 2
      "BundleID" => "com.apple.appstore"
      "Hide" => 0
      "Path" => "/Applications/App Store.app"
    }
    4 => {
      "BackgroundState" => 2
      "BundleID" => "com.microsoft.word"
      "Hide" => 0
      "Path" => "/Applications/Microsoft Word.app"
    }
    5 => {
      "BackgroundState" => 3
      "BundleID" => "com.apple.scripteditor.id.get-system-profile"
      "Hide" => 0
      "Path" => "/private/var/folders/l5/lsw42gtx21z46ldlngcg3bmr0000gn/T/AppTranslocation/F1362F83-5D00-4D82-BA92-26C5B913FE89/d/Get System Profile.app"
    }
  ]
}

Contents of Quarantine
---------------
None

EtreCheck:

Code:

ATTFilter

EtreCheck version: 4.2.1 (4C020)
Report generated: 2018-04-17 19:49:57
Download EtreCheck from https://etrecheck.com
Runtime: 5:40
Performance: Below Average

Problem: No problem - just checking

Major Issues:
  Anything that appears on this list needs immediate attention.
  No Time Machine backup - Time Machine backup not found.

Minor Issues:
  These issues do not need immediate attention but they may indicate future problems.
  Low disk space - This machine is running low on free hard drive space.
  Clean up - There are orphan files that could be removed.
  Unsigned files - There is unsigned software installed. They appear to be legitimate but should be reviewed.
  Low performance - EtreCheck report took over 5 minutes to run. This is unusual.
  32-bit Apps - This machine has 32-bits apps that may have problems in the future.

Hardware Information:
  MacBook Air (11-inch, Early 2015)
  MacBook Air Model: MacBookAir7,1
  1 1,6 GHz Intel Core i5 (i5-5250U) CPU: 2-core
  4 RAM Not upgradeable
    BANK 0/DIMM0 - 2 GB DDR3 1600  ok
    BANK 1/DIMM0 - 2 GB DDR3 1600  ok
  Battery: Health = Normal - Cycle count = 76

Video Information:
  Intel HD Graphics 6000 - VRAM: 1536 MB
    Color LCD 1366 x 768

Drives:
  disk0 - APPLE SSD SD0128F 121.33 GB (Solid State - TRIM: Yes) 
  Internal PCI 5.0 GT/s x2 Serial ATA
    disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
    disk0s2 () 121.12 GB
      disk1s1 - O*********2 (APFS) 121.12 GB (99.87 GB used)
      disk1s2 - Preboot (APFS) [APFS Preboot] 121.12 GB (21 MB used)
      disk1s3 - Recovery (APFS) [Recovery] 121.12 GB (518 MB used)
      disk1s4 - VM (APFS) [APFS VM] 121.12 GB (2.15 GB used)

Mounted Volumes:
  disk1s1 - O*********2 121.12 GB (18.50 GB free)
  APFS
  Mount point: /
  Encrypted

  disk1s4 - VM [APFS VM]  121.12 GB (18.50 GB free)
  APFS
  Mount point: /private/var/vm
  
Network:
  Interface en3: iPhone
  Interface en0: Wi-Fi
    802.11 a/b/g/n/ac
    One IPv4 address
    2 IPv6 addresses
  Interface en2: Bluetooth PAN
  Interface bridge0: Thunderbolt Bridge
  iCloud Quota: 33.56 GB available

System Software:
  macOS High Sierra 10.13.4 (17E199) 
  Time since boot: About 10 hours
  System Load: 3.84 (1 min ago) 3.54 (5 min ago) 4.89 (15 min ago)

Security:
  System                       Status
  Gatekeeper                   Mac App Store and identified developers
  System Integrity Protection  Enabled

Unsigned Files:
  Launchd: /Library/LaunchDaemons/com.avast.osx.secureline.uninstall.plist
    Executable: /Library/Application Support/AvastSecureLine/hub/autouninstall.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchDaemons/com.avast.osx.secureline.init.plist
    Executable: /Library/Application Support/AvastSecureLine/hub/init.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchDaemons/com.avast.uninstall.plist
    Executable: /Library/Application Support/Avast/hub/autouninstall.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: ~/Library/LaunchAgents/com.avast.osx.secureline.home.userinit.plist
    Executable: /Users/***/Library/Application Support/AvastSecureLine/hub/userinit.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchDaemons/com.avast.init.plist
    Executable: /Library/Application Support/Avast/hub/init.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchDaemons/com.avast.update.plist
    Executable: /Library/Application Support/Avast/components/update/update.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchDaemons/com.avast.osx.secureline.update.plist
    Executable: /Library/Application Support/AvastSecureLine/components/update/update.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchAgents/com.avast.osx.secureline.userinit.plist
    Executable: /Library/Application Support/AvastSecureLine/hub/userinit.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchAgents/com.avast.userinit.plist
    Executable: /Library/Application Support/Avast/hub/userinit.sh
    Details: Exact match found in the whitelist - probably OK

32-bit Applications:
  7 32-bit apps

Kernel Extensions:
  /Library/Application Support/Avast/components/fileshield/signed
    [Loaded]     AvastFileShield.kext (4.0.0 - SDK 10.12)

  /Library/Application Support/Avast/components/proxy/signed
    [Loaded]     AvastPacketForwarder.kext (2.1 - SDK 10.12)

  /Library/Extensions
    [Loaded]     MB_MBAM_Protection.kext (3.2 - SDK 10.13)

System Launch Agents:
  [Not Loaded]  8 Apple tasks
  [Loaded]      166 Apple tasks
  [Running]     118 Apple tasks
  [Other]       One Apple task

System Launch Daemons:
  [Not Loaded]  39 Apple tasks
  [Loaded]      176 Apple tasks
  [Running]     120 Apple tasks

Launch Agents:
  [Loaded]     com.microsoft.update.agent.plist (Microsoft Corporation - installed 2018-04-16)
  [Loaded]     com.avast.userinit.plist (? bb25154c  - installed 2018-03-11)
  [Running]    com.avast.osx.secureline.update-agent.plist (AVAST Software a.s. - installed 2018-03-27)
  [Loaded]     com.avast.osx.secureline.userinit.plist (? 2fc1004f  - installed 2018-03-27)
  [Running]    com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2018-02-26)

Launch Daemons:
  [Running]    com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2018-02-26)
  [Loaded]     com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2018-04-16)
  [Loaded]     com.avast.uninstall.plist (? 22f94791  - installed 2018-03-11)
  [Loaded]     com.avast.init.plist (? fc55b6fa  - installed 2018-03-11)
  [Loaded]     com.avast.osx.secureline.init.plist (? 1bda83b1  - installed 2018-03-27)
  [Running]    com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2018-02-26)
  [Running]    com.avast.osx.secureline.update.plist (? f50a649c  - installed 2018-03-27)
  [Loaded]     com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2016-01-09)
  [Other]      com.avast.update.plist (? 5c6ac355  - installed 2018-03-11)
  [Loaded]     com.avast.osx.secureline.uninstall.plist (? ba7a0061  - installed 2018-03-27)

User Launch Agents:
  [Loaded]     com.google.keystone.agent.plist (Google, Inc. - installed 2018-02-04)
  [Loaded]     com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2018-04-15)
  [Other]      com.avast.home.userinit.plist (? 0  - installed 2017-12-20)
  [Loaded]     com.avast.osx.secureline.home.userinit.plist (? 0  - installed 2018-03-27)

User Login Items:
  Dropbox Programm (Dropbox, Inc.
     (/Applications/Dropbox.app)
  Unified Remote Programm (Unified Intents AB
     (/Applications/Unified Remote.app)
  iTunesHelper Programm (Apple - installed 2018-04-08)
     (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
  6H4HRTU5E3.com.avast.osx.secureline.avastsecurelinehelper SMLoginItem (AVAST Software a.s. - installed 2018-03-21)
     (/Applications/AvastSecureLine.app/Contents/Library/LoginItems/6H4HRTU5E3.com.avast.osx.secureline.avastsecurelinehelper.app)

Internet Plug-ins:
  QuickTime Plugin: 7.7.3 (installed 2018-04-17)

Time Machine:
  Time Machine Not Configured!

Top Processes by CPU:
  Process (count)           Source                   % of CPU
  Google Chrome Helper (7)  Google, Inc.                  46 
  kernel_task               Apple                         39 
  WindowServer              Apple                         32 
  Google Chrome             Google, Inc.                  13 
  Microsoft AutoUpdate      Microsoft Corporation         13 

Top Processes by Memory:
  Process (count)           Source                 RAM usage
  kernel_task               Apple                     592 MB
  Google Chrome Helper (7)  Google, Inc.              267 MB
  helpd                     Apple                     134 MB
  Google Chrome             Google, Inc.              104 MB
  com.avast.daemon          AVAST Software a.s.        68 MB

Top Processes by Network Use:
  Process          Source                 Input  Output
  com.avast.proxy  AVAST Software a.s.   253 KB    3 KB
  Dropbox          Dropbox, Inc.          98 KB   84 KB
  mDNSResponder    Apple                  75 KB   50 KB
  apsd             Apple                  10 KB   16 KB
  netbiosd         Apple                   1 KB   708 B

Top Processes by Energy Use:
  Process (count)           Source                    Energy usage (0-100)
  Google Chrome Helper (7)  Google, Inc.              19
  WindowServer              Apple                     12
  Google Chrome             Google, Inc.              7
  Microsoft AutoUpdate      Microsoft Corporation     6
  RTProtectionDaemon        Malwarebytes Corporation  0

Virtual Memory Information:
  Available RAM    1.30 GB
  Free RAM           16 MB
  Used RAM         2.70 GB
  Cached files     1.28 GB
  Swap Used         382 MB

Clean up:
  ~/Library/LaunchAgents/com.avast.home.userinit.plist
    /Users/***/Library/Application Support/Avast/hub/userinit.sh
    Executable not found

Diagnostics Information (past 7 days):
  2018-04-17 09:27:45 CalendarAgent Crash (once)

End of report

Dante12 · 17.04.2018, 20:08

Möglicherweise kommen die Pop-Ups von AvastSecureLine? Das ist ein kostenloser Dienst soweit mir bekannt ist.

Schritt 1

Deinstalliert bitte AvastSecureLine Anleitung
Überprüfe alle Erweiterungen in Google Chrome und entferne unbekannte und nicht mehr benötigte. Wichtig: Wenn du den Google Sync verwendest bitte nicht abschalten sonst wird nach neuer Installation von Chrome der alte Ballast wieder aufgespielt.
Zurücksetzen von Google Chrome. Wichtig: Exportiere deine Lesezeichen auf deinem Desktop wenn nötig.

Schritt 2

Prüfen mit DetectX Swift

Lade dir bitte DetectX Swift herunter.
Öffne das DMG-Archiv, akzeptiere die Lizenzbestimmungen und verschiebe die App in den Programm-Ordner.
Starte DetectX Swift klicke auf OK und anschliessend auf Search. Lösche gefundene Einträge.
Wenn du dir beim löschen nicht sicher bist, dann Frage lieber einmal mehr hier im Forum (mache bitte ein Screenshot wenn nötig).
Erstelle bitte ein Log in dem du auf Profile klickst.
Klick auf den Button Share Options.. und anschliessend wähle die Option Sanitized.
Als letztes klicke bitte auf Copy Report to Clipboard
Füge das Log hier in das Forum in Code-Tags ein.

DetextX-Swift History

Im DetectX-Swift Hauptfenster wähle den Punkt History.
Klicke Rechts auf den Punkt History > All.
Rechter Mausklick auf den Anzeigebereich und wähle Copy All
Füge den kopierten Inhalt bitte in Code-Tags hier ein.

Berichte bitte ob die Pop-Ups nach diesen Schritten weiterhin vorhanden sind.

LiLciL · 18.04.2018, 06:55

Hi,

Avast Secure Line war nicht aktiv, aber habe ich jetzt deinstalliert. Wäre es aber nicht ein bisschen Paradox, dass ein AntiVirus Hersteller Malware verbreitet?

Chrome wurde zurückgesetzt, die Lesezeichen mussten nicht gesichert werden.

DetectX hat nichts gefunden:

Code:

ATTFilter

Timestamp (3): Mi. Apr. 18 07:50:34 2018
DetectX Swift v1.060

macOS: Version 10.13.4 (Build 17E199)
File System: apfs
Temp: The thermal state is within normal limits.

Boot time: Wed Apr 18 07:38:05 2018
Uptime: up 12 mins, 1 user

Spotlight status for /:
	Indexing enabled. 
System Integrity Protection status: enabled.
Gatekeeper status: enabled for App Store and identified developers.
FileVault is On.

Internet:	Reachable


    Hardware Overview:

      Model Name: MacBook Air
      Model Identifier: MacBookAir7,1
      Processor Name: Intel Core i5
      Processor Speed: 1,6 GHz
      Number of Processors: 1
      Total Number of Cores: 2
      L2 Cache (per Core): 256 KB
      L3 Cache: 3 MB
      Memory: 4 GB
      Boot ROM Version: MBA71.0176.B00
      SMC Version (system): 2.26f2



  Sharing Preferences:

	File Sharing:  Off
	Screen Sharing:  Off
	Remote Management:  Off
	Back To My Mac:  Off
	Remote Login:  Off
	Remote Apple Events:  Off


3rd Party Kexts (loaded):

	com.malwarebytes.mbam.rtprotection
	com.avast.FileShield
	com.avast.PacketForwarder


 $PATH:

PATH=/usr/bin:/bin:/usr/sbin:/sbin


/etc/paths:
	/usr/local/bin
	/usr/bin
	/bin
	/usr/sbin
	/sbin

/etc/paths.d/:
	/Library/TeX/texbin
	
	

~/.bash_profile:
	
~/.bashrc:

~/.bash_login:

~/.profile:

~/.bash_logout:


PID	Status	Label
488	0	com.getdropbox.dropbox.7976
-	78	com.avast.home.userinit
-	0	com.avast.userinit
820	0	com.avast.helper
468	0	com.malwarebytes.mbam.frontend.agent
-	0	com.openssh.ssh-agent
-	0	com.microsoft.update.agent
-	0	com.sqwarq.DetectX-Swift.observer
1764	0	com.sqwarq.DetectX-Swift.9508
492	0	com.unified.Unified-Remote.7972
881	0	com.google.Chrome.7988
-	0	com.google.keystone.user.agent
-	0	com.dropbox.DropboxMacUpdate.agent


 System Launchd processes:

0      0 	com.avast.account
60      - 	com.malwarebytes.mbam.rtprotection.daemon
0      - 	com.vix.cron
793      - 	com.avast.wifiguard
0      - 	org.postfix.master
0      0 	com.avast.update
0      - 	com.microsoft.office.licensingV2.helper
231      - 	com.avast.daemon
0      0 	com.microsoft.autoupdate.helper
253      - 	org.cups.cupsd
0      - 	com.avast.uninstall
0      0 	com.avast.init
436      - 	com.malwarebytes.mbam.settings.daemon
752      - 	com.avast.proxy
723      - 	com.avast.service
718      - 	com.avast.fileshield



 User Login Items:

 iTunesHelper
 Dropbox




 /Library/LaunchDaemons:

	com.malwarebytes.mbam.settings.daemon.plist
		-> Program: /Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/SettingsDaemon.app/Contents/MacOS/SettingsDaemon
	
	com.malwarebytes.mbam.rtprotection.daemon.plist
		-> Program: /Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/RTProtectionDaemon.app/Contents/MacOS/RTProtectionDaemon
	
	com.avast.update.plist
		--> Program Arguments: /Library/Application Support/Avast/components/update/update.sh
	
	com.avast.init.plist
		--> Program Arguments: /Library/Application Support/Avast/hub/init.sh
	
	com.avast.uninstall.plist
		--> Program Arguments: /Library/Application Support/Avast/hub/autouninstall.sh
	
	com.microsoft.office.licensingV2.helper.plist
		-> Program: /Library/PrivilegedHelperTools/com.microsoft.office.licensingV2.helper
		--> Program Arguments: /Library/PrivilegedHelperTools/com.microsoft.office.licensingV2.helper
	
	com.microsoft.autoupdate.helper.plist
		-> Program: /Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper
	



 /Library/LaunchAgents:

	com.malwarebytes.mbam.frontend.agent.plist
		-> Program: /Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/FrontendAgent.app/Contents/MacOS/FrontendAgent
	
	com.avast.userinit.plist
		-> Program: /Library/Application Support/Avast/hub/userinit.sh
	
	com.microsoft.update.agent.plist
		--> Program Arguments: /Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon
		--> Program Arguments: -checkForUpdates
	



 ~/Library/LaunchAgents:

	com.avast.home.userinit.plist
		--> Program Arguments: /Users/[U501]/Library/Application Support/Avast/hub/userinit.sh
	
	com.google.keystone.agent.plist
		--> Program Arguments: /Users/[U501]/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent
		--> Program Arguments: -runMode
		--> Program Arguments: ifneeded
	
	com.dropbox.DropboxMacUpdate.agent.plist
		--> Program Arguments: /Users/[U501]/Library/Dropbox/DropboxMacUpdate.app/Contents/MacOS/DropboxMacUpdate
		--> Program Arguments: -check
		--> Program Arguments: periodic
	
	com.sqwarq.DetectX-Swift.observer.plist
		--> Program Arguments: /Applications/DetectX Swift.app/Contents/MacOS/DetectX Swift
		--> Program Arguments: -observer
	

 User Crontab:

	No cron jobs



 /etc:

	rc.common
	bashrc_Apple_Terminal
	bashrc
	zshrc
	rc.netboot
	efax.rc~previous
	php.ini.default-previous~orig
	php.ini.default-5.2-previous
	aliases
	zprofile

 / $Root:

	.HFS+ Private Directory Data
 / .. children: 0
	installer.failurerequests
	.file
	.Trashes / .. children: 0
	vm / .. children: 1
	.dbfseventsd

 ~/ $Home:

	Music / .. children: 2
	.CFUserTextEncoding
	Pictures / .. children: 10
	.rnd
	Desktop / .. children: 14
	Library / .. children: 70
	.cups / .. children: 1
	.bash_sessions / .. children: 5
	Public / .. children: 3
	.dropbox / .. children: 11
	Movies / .. children: 1
	Applications / .. children: 2
	Dropbox / .. children: 14
	Dropbox Silvio / .. children: 2
	.Trash / .. children: 40
	Documents / .. children: 15
	Downloads / .. children: 201
	.bash_history



 ~/Library:

	TeXShop / .. children: 16
	PDF Services / .. children: 0
	Google / .. children: 2
	Family / .. children: 1
	Icons / .. children: 3
	Dropbox / .. children: 1
	VirtualDJ / .. children: 13



 ~/Library/Application Support:

	Firefox / .. children: 4
	com.apple.sbd / .. children: 2
	SyncServices / .. children: 1
	Mozilla / .. children: 1
	com.apple.touristd / .. children: 11
	DiskImages / .. children: 1
	Microsoft AU Daemon / .. children: 2
	MobileSync / .. children: 1
	Google / .. children: 2
	Unified Remote / .. children: 15
	Avast / .. children: 1
	CEF / .. children: 1
	org.videolan.vlc / .. children: 1
	com.sqwarq.DetectX-Swift / .. children: 2
	TeX Live Utility / .. children: 1
	AdwareMedic / .. children: 1
	etcher / .. children: 5
	Dropbox / .. children: 3
	Preview / .. children: 0
	Microsoft AutoUpdate / .. children: 2
	com.thesafemac.adwaremedic / .. children: 4



 ~/Library/Safari/Extensions:

	*-- Folder doesn't exist --*



 ~/Library/Internet Plug-Ins:

	



 /Users/Shared:

	adi / .. children: 4
	SC Info / .. children: 1
	



 /Applications:

	VLC.app
	TeX / .. children: 13
	Cinderella2.app
	Avast.app
	Google Chrome.app
	Alarm Clock.app
	Dropbox.app
	Unified Remote.app
	DetectX Swift.app
	AdwareMedic.app
	Microsoft Word.app
	Microsoft Excel.app
	Microsoft Outlook.app
	Malwarebytes.app
	VirtualDJ Home.app
	Microsoft OneNote.app
	Firefox.app
	Microsoft PowerPoint.app
	Slack.app



 /Library:

	DropboxHelperTools / .. children: 3
	TeX / .. children: 5



 /Library/Application Support:

	Avira / .. children: 4
	Microsoft / .. children: 1
	Avast / .. children: 14
	Malwarebytes / .. children: 1



 /Library/Extensions:

	MB_MBAM_Protection.kext



 /Library/Internet Plug-Ins:

	Disabled Plug-Ins / .. children: 2



 /Library/Managed Preferences:

	*-- Folder doesn't exist --*



 /Library/PrivilegedHelperTools:

	com.microsoft.autoupdate.helper
	com.microsoft.office.licensingV2.helper



 /Library/ScriptingAdditions:

	



 /Library/StartupItems:

	



 /Library/Updates:

	ProductMetadata.plist
	index.plist



Top Processes: 

%CPU	PID	COMMAND	
9.4		0		kernel_task 
8.2		217		WindowServer 
6.4		1764		DetectX Swift 
6.1		881		Google Chrome 
3.6		114		hidd 
3.3		1		launchd 
1.9		492		Unified Remote 
0.8		311		sandboxd 
0.3		903		Google Chrome He 
0.2		73		powerd 


Running Processes: 

PPID	PID	%CPU	USER	COMMAND	
0		1		0.8		root		/sbin/launchd 
1		57		0.0		root		/usr/sbin/syslogd 
1		58		0.0		root		/usr/libexec/UserEventAgent (System) 
1		60		0.0		root		/Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/RTProtectionDaemon.app/Contents/MacOS/RTProtectionDaemon 
1		63		0.0		root		/System/Library/PrivateFrameworks/Uninstall.framework/Resources/uninstalld 
1		64		0.0		root		/usr/libexec/kextd 
1		65		0.0		root		/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/FSEvents.framework/Versions/A/Support/fseventsd 
1		67		0.0		root		/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted 
1		69		0.0		_appleevents		/System/Library/CoreServices/appleeventsd --server 
1		70		0.0		root		/usr/sbin/systemstats --daemon 
1		72		0.0		root		/usr/libexec/configd 
1		73		0.1		root		/System/Library/CoreServices/powerd.bundle/powerd 
1		76		0.4		root		/usr/libexec/logd 
1		77		0.0		root		/usr/libexec/keybagd -t 15 
1		82		0.0		root		/usr/libexec/warmd 
1		83		0.0		root		/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Support/mds 
1		84		0.0		_iconservices		/System/Library/CoreServices/iconservicesd 
1		85		0.0		root		/System/Library/CoreServices/iconservicesagent 
1		86		0.0		root		/usr/libexec/diskarbitrationd 
1		89		0.0		root		/System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd-helper -launchd 
1		90		0.0		root		/usr/libexec/coreduetd 
1		93		0.5		root		/usr/libexec/opendirectoryd 
1		94		0.0		root		/System/Library/PrivateFrameworks/ApplePushService.framework/apsd 
1		95		0.0		root		/System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbstated 
1		96		0.0		root		/System/Library/CoreServices/launchservicesd 
1		97		0.0		_timed		/usr/libexec/timed 
1		99		0.0		root		/usr/sbin/securityd -i 
1		100		0.0		_usbmuxd		/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources/usbmuxd -launchd 
1		102		0.0		_locationd		/usr/libexec/locationd 
1		103		0.0		root		autofsd		
1		104		0.0		_displaypolicyd		/usr/libexec/displaypolicyd -k 1 
1		105		0.0		root		/usr/libexec/dasd 
1		108		0.0		[U501]		/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console 
1		109		0.0		root		/System/Library/CoreServices/logind 
1		110		0.0		root		/System/Library/PrivateFrameworks/GenerationalStorage.framework/Versions/A/Support/revisiond 
1		111		0.0		root		/usr/sbin/KernelEventAgent 
1		113		0.0		root		/usr/sbin/bluetoothd 
1		114		4.1		_hidd		/usr/libexec/hidd 
1		115		0.0		root		/usr/libexec/corebrightnessd --launchd 
1		116		0.0		root		/usr/libexec/AirPlayXPCHelper 
1		117		0.3		root		/usr/sbin/notifyd 
1		118		0.0		_distnote		/usr/sbin/distnoted daemon 
1		119		0.0		root		/usr/libexec/amfid 
1		120		0.0		root		/usr/sbin/cfprefsd daemon 
1		124		0.0		root		/System/Library/Frameworks/Security.framework/Versions/A/XPCServices/authd.xpc/Contents/MacOS/authd 
1		125		0.0		root		/System/Library/CoreServices/coreservicesd 
1		126		0.0		root		aslmanager		
1		133		0.0		root		/usr/libexec/nehelper 
1		143		0.0		root		/usr/libexec/trustd 
1		144		0.0		root		/usr/libexec/airportd 
1		145		0.0		_coreaudiod		/usr/sbin/coreaudiod 
1		146		0.0		root		/System/Library/Frameworks/PCSC.framework/Versions/A/XPCServices/com.apple.ctkpcscd.xpc/Contents/MacOS/com.apple.ctkpcscd 
1		148		0.0		_coreaudiod		/System/Library/Frameworks/CoreAudio.framework/Versions/A/XPCServices/com.apple.audio.DriverHelper.xpc/Contents/MacOS/com.apple.audio.DriverHelper 
1		149		0.0		root		/usr/sbin/ocspd 
1		152		0.0		_ctkd		/System/Library/Frameworks/CryptoTokenKit.framework/ctkd -s 
1		180		0.0		root		/usr/libexec/mobileassetd 
1		197		0.0		_mdnsresponder		/usr/sbin/mDNSResponder 
1		198		0.0		_nsurlsessiond		/usr/libexec/nsurlsessiond --privileged 
1		199		0.0		root		/usr/sbin/mDNSResponderHelper 
1		200		0.0		root		/usr/libexec/findmydeviced 
1		202		0.0		root		/System/Library/PrivateFrameworks/WirelessDiagnostics.framework/Support/awdd 
1		203		0.0		_analyticsd		/System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd 
1		204		0.0		root		/usr/libexec/lsd runAsRoot 
1		217		9.5		_windowserver		/System/Library/PrivateFrameworks/SkyLight.framework/Resources/WindowServer -daemon 
1		223		0.0		root		/usr/libexec/apfsd 
1		226		0.0		root		/usr/libexec/usbd 
1		227		0.0		root		/usr/libexec/powerlogd 
1		229		0.0		root		/System/Library/CryptoTokenKit/com.apple.ifdreader.slotd/Contents/MacOS/com.apple.ifdreader 
1		231		0.0		root		/Library/Application Support/Avast/components/daemon/com.avast.daemon -n 
1		234		0.0		root		/System/Library/PrivateFrameworks/SignpostNotification.framework/Versions/A/XPCServices/signpost_notificationd.xpc/Contents/MacOS/signpost_notificationd 
1		236		0.0		root		/usr/libexec/ApplicationFirewall/socketfilterfw 
1		237		0.0		root		/usr/libexec/secinitd 
1		240		0.0		root		/usr/libexec/sysmond 
1		253		0.0		root		/usr/sbin/cupsd -l 
70		265		0.0		root		/usr/sbin/systemstats --logger-helper /private/var/db/systemstats 
1		268		0.0		root		/System/Library/Frameworks/CoreMediaIO.framework/Versions/A/XPCServices/com.apple.cmio.registerassistantservice.xpc/Contents/MacOS/com.apple.cmio.registerassistantservice 
1		269		0.0		_cmiodalassistants		/Library/CoreMediaIO/Plug-Ins/DAL/AppleCamera.plugin/Contents/Resources/AppleCameraAssistant 
1		271		0.0		root		/usr/libexec/syspolicyd 
1		272		0.0		_networkd		/usr/libexec/symptomsd 
1		275		0.0		root		/usr/libexec/watchdogd 
1		276		0.0		root		/usr/libexec/thermald 
1		278		0.0		root		/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mds_stores 
1		282		0.0		root		/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon 
1		283		0.0		_coreaudiod		/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper 
1		285		0.0		_nsurlstoraged		/usr/libexec/nsurlstoraged --privileged 
1		287		0.0		root		/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMServer 
1		288		0.0		root		/usr/libexec/colorsync.displayservices 
1		294		0.0		root		/usr/libexec/colorsyncd 
1		297		0.0		root		/System/Library/Frameworks/Security.framework/Versions/A/XPCServices/com.apple.CodeSigningHelper.xpc/Contents/MacOS/com.apple.CodeSigningHelper 
1		299		0.0		root		/usr/libexec/bootinstalld 
1		311		0.0		root		/usr/libexec/sandboxd 
1		312		0.0		root		/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd 
1		317		0.0		root		/System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp -d 
1		321		0.0		root		/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd 
1		324		0.0		root		/System/Library/Frameworks/GSS.framework/Helpers/GSSCred 
1		325		0.0		root		/System/Library/PrivateFrameworks/CoreSymbolication.framework/coresymbolicationd 
1		327		0.0		_captiveagent		/usr/libexec/captiveagent 
1		329		0.0		root		/System/Library/CoreServices/sharedfilelistd 
1		330		0.0		_netbios		/usr/sbin/netbiosd 
1		331		0.0		root		/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd 
1		332		0.0		root		/usr/libexec/securityd_service 
1		334		0.0		[U501]		/usr/sbin/cfprefsd agent 
1		335		0.0		[U501]		/usr/libexec/UserEventAgent (Aqua) 
1		337		0.0		[U501]		/usr/sbin/distnoted agent 
1		338		0.0		[U501]		/usr/sbin/universalaccessd launchd -s 
1		339		0.0		[U501]		/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter -L 
1		340		0.0		[U501]		/System/Library/CoreServices/Dock.app/Contents/MacOS/Dock 
1		341		0.0		[U501]		/System/Library/CoreServices/talagent 
1		342		0.0		[U501]		/System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer 
1		343		0.0		[U501]		/usr/libexec/lsd 
1		344		0.0		[U501]		/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder 
1		345		0.0		[U501]		/usr/libexec/trustd --agent 
1		346		0.0		[U501]		/usr/libexec/secd 
1		348		0.0		[U501]		/System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd 
1		351		0.0		[U501]		/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird 
1		352		0.0		[U501]		/usr/libexec/pboard 
1		354		0.0		[U501]		/System/Library/CoreServices/sharedfilelistd 
1		355		0.0		[U501]		/usr/libexec/pkd 
1		356		0.0		root		/usr/sbin/spindump 
1		357		0.0		root		/System/Library/CoreServices/SubmitDiagInfo server-init 
1		359		0.0		[U501]		/System/Library/PrivateFrameworks/TCC.framework/Resources/tccd 
1		361		0.0		[U501]		/System/Library/CoreServices/iconservicesagent 
1		364		0.0		[U501]		/System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/fontd 
1		365		0.0		[U501]		/usr/libexec/nsurlsessiond 
1		366		0.0		[U501]		/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd 
1		370		0.0		[U501]		/System/Library/PrivateFrameworks/CalendarAgent.framework/Executables/CalendarAgent 
1		371		0.0		[U501]		/usr/libexec/knowledge-agent 
1		373		0.0		[U501]		/System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd 
1		375		0.0		[U501]		/System/Library/CoreServices/cloudphotosd.app/Contents/MacOS/cloudphotosd 
1		376		0.0		[U501]		/usr/libexec/secinitd 
1		377		0.0		[U501]		/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService 
1		379		0.0		root		/usr/sbin/filecoordinationd 
1		380		0.0		[U501]		/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy 
1		381		0.0		[U501]		/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/XPCServices/com.apple.iCloudHelper.xpc/Contents/MacOS/com.apple.iCloudHelper 
1		382		0.0		[U501]		/usr/libexec/siriknowledged 
1		383		0.0		[U501]		/usr/libexec/keyboardservicesd 
1		384		0.0		[U501]		/usr/libexec/SafariCloudHistoryPushAgent 
1		385		0.0		[U501]		/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd 
1		386		0.0		[U501]		/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd 
1		387		0.0		[U501]		/System/Library/PrivateFrameworks/CallHistory.framework/Support/CallHistorySyncHelper 
1		388		0.0		[U501]		/System/Library/PrivateFrameworks/GameCenterFoundation.framework/Versions/A/gamed 
1		389		0.0		[U501]		/System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resources/askpermissiond 
1		390		0.0		[U501]		/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariBookmarksSyncAgent 
1		391		0.0		[U501]		/usr/libexec/sharingd 
1		392		0.0		[U501]		/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd 
1		394		0.0		[U501]		/System/Library/PrivateFrameworks/PassKitCore.framework/passd 
1		395		0.0		[U501]		/usr/libexec/fmfd 
1		396		0.0		[U501]		/System/Library/PrivateFrameworks/CoreCDP.framework/Versions/A/Resources/cdpd 
1		397		0.0		[U501]		/usr/sbin/usernoted 
1		398		0.0		[U501]		/System/Library/PrivateFrameworks/CalendarNotification.framework/Versions/A/XPCServices/CalNCService.xpc/Contents/MacOS/CalNCService 
1		399		0.0		[U501]		/usr/libexec/nsurlstoraged 
1		400		0.0		_locationd		/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod 
1		401		0.0		_locationd		/usr/libexec/secinitd 
1		402		0.0		[U501]		/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter 
1		403		0.0		root		/usr/sbin/WirelessRadioManagerd 
1		404		0.0		[U501]		/System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd 
1		405		0.0		[U501]		/System/Library/PrivateFrameworks/IMCore.framework/imagent.app/Contents/MacOS/imagent 
1		406		0.0		[U501]		/System/Library/PrivateFrameworks/IMDPersistence.framework/XPCServices/IMDPersistenceAgent.xpc/Contents/MacOS/IMDPersistenceAgent 
1		407		0.0		_fpsd		/System/Library/PrivateFrameworks/CoreADI.framework/adid 
1		408		0.0		[U501]		/System/Library/PrivateFrameworks/CoreFollowUp.framework/Versions/A/Support/followupd 
1		409		0.0		root		/usr/sbin/wirelessproxd 
1		411		0.0		[U501]		/usr/libexec/rapportd 
1		412		0.0		[U501]		/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent 
1		413		0.0		[U501]		/usr/libexec/routined LAUNCHED_BY_LAUNCHD 
1		414		0.0		root		/System/Library/CoreServices/CrashReporterSupportHelper server-init 
1		415		0.0		root		/usr/sbin/systemsoundserverd 
1		416		0.0		_locationd		/usr/sbin/cfprefsd agent 
1		417		0.0		root		/System/Library/PrivateFrameworks/TCC.framework/Resources/tccd system 
1		418		0.0		_locationd		/usr/libexec/trustd --agent 
1		419		0.0		[U501]		/System/Library/PrivateFrameworks/MessagesKit.framework/Resources/soagent.app/Contents/MacOS/soagent 
1		420		0.0		[U501]		/System/Library/PrivateFrameworks/UserActivity.framework/Agents/useractivityd 
1		421		0.0		[U501]		/System/Library/CoreServices/APFSUserAgent 
1		423		0.0		[U501]		/System/Library/CoreServices/WiFiAgent.app/Contents/MacOS/WiFiAgent 
1		424		0.0		[U501]		/usr/libexec/networkserviceproxy 
1		425		0.0		[U501]		/System/Library/PrivateFrameworks/CommunicationsFilter.framework/CMFSyncAgent.app/Contents/MacOS/CMFSyncAgent 
1		426		0.0		[U501]		/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod 
1		427		0.0		[U501]		/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd 
1		428		0.0		root		/System/Library/PrivateFrameworks/AmbientDisplay.framework/Versions/A/XPCServices/com.apple.AmbientDisplayAgent.xpc/Contents/MacOS/com.apple.AmbientDisplayAgent 
1		429		0.0		[U501]		/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent 
1		432		0.0		_applepay		/usr/libexec/nfcd 
1		436		0.0		root		/Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/SettingsDaemon.app/Contents/MacOS/SettingsDaemon 
1		437		0.0		[U501]		SafeEjectGPUAgent		
1		440		0.0		[U501]		/System/Library/CoreServices/Menu Extras/SafeEjectGPUExtra.menu/Contents/XPCServices/SafeEjectGPUService.xpc/Contents/MacOS/SafeEjectGPUService 
1		441		0.0		[U501]		/System/Library/PrivateFrameworks/ContactsDonation.framework/Versions/A/Support/contactsdonationagent 
1		446		0.0		[U501]		/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent 
1		448		0.0		[U501]		/System/Library/CoreServices/Dock.app/Contents/XPCServices/com.apple.dock.extra.xpc/Contents/MacOS/com.apple.dock.extra 
1		449		0.0		[U501]		/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight 
1		450		0.0		[U501]		/Applications/Dropbox.app/Contents/PlugIns/garcon.appex/Contents/MacOS/garcon 
1		451		0.0		[U501]		/System/Library/PrivateFrameworks/ContactsAgent.framework/Executables/ContactsAgent 
1		454		0.0		[U501]		/System/Library/PrivateFrameworks/FileProvider.framework/Support/fileproviderd 
1		457		0.0		[U501]		/usr/sbin/ckkeyrolld 
1		459		0.0		[U501]		/System/Library/CoreServices/SocialPushAgent.app/Contents/MacOS/SocialPushAgent 
1		462		0.0		[U501]		/usr/libexec/dmd 
1		463		0.0		[U501]		/System/Library/Frameworks/InputMethodKit.framework/Resources/imklaunchagent 
1		466		0.0		[U501]		/System/Library/CoreServices/Siri.app/Contents/MacOS/Siri launchd 
1		467		0.0		[U501]		/System/Library/Image Capture/Support/icdd 
1		468		0.0		[U501]		/Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/FrontendAgent.app/Contents/MacOS/FrontendAgent 
1		471		0.0		[U501]		/System/Library/CoreServices/AirPlayUIAgent.app/Contents/MacOS/AirPlayUIAgent --launchd 
1		473		0.0		[U501]		/System/Library/CoreServices/cloudpaird 
1		474		0.0		[U501]		/System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbagent.app/Contents/MacOS/nbagent 
1		475		0.0		[U501]		/System/Library/CoreServices/diagnostics_agent 
1		477		0.0		[U501]		/System/Library/CoreServices/backgroundtaskmanagementagent 
1		478		0.0		[U501]		/System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp 
1		480		0.0		[U501]		/System/Library/PrivateFrameworks/CoreWLANKit.framework/Versions/A/XPCServices/WiFiProxy.xpc/Contents/MacOS/WiFiProxy 
1		481		0.0		[U501]		/System/Library/PrivateFrameworks/CoreParsec.framework/parsecd 
1		482		0.0		[U501]		/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeaccountd 
1		484		0.0		[U501]		/System/Library/PrivateFrameworks/CloudPhotoServices.framework/Versions/A/Frameworks/CloudPhotosConfigurationXPC.framework/Versions/A/XPCServices/com.apple.CloudPhotosConfiguration.xpc/Contents/MacOS/com.apple.CloudPhotosConfiguration 
1		486		0.0		[U501]		/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/commerce 
1		487		0.0		[U501]		/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app/Contents/MacOS/iTunesHelper 
1		488		0.0		[U501]		/Applications/Dropbox.app/Contents/MacOS/Dropbox 
1		489		0.0		[U501]		/System/Library/Frameworks/CryptoTokenKit.framework/ctkd -tw 
1		491		0.0		[U501]		/Applications/Dropbox.app/Contents/MacOS/Dropbox -type:crashpad-handler --capture-python --no-upload-gzip --no-rate-limit --database=/Users/[U501]/.dropbox/Crashpad --metrics-dir=0 --url=https://d.dropbox.com/report_crashpad_minidump --https-pin=0x23,0xf2,0xed,0xff,0x3e,0xde,0x90,0x25,0x9a,0x9e,0x30,0xf4,0xa,0xf8,0xf9,0x12,0xa5,0xe5,0xb3,0x69,0x4e,0x69,0x38,0x44,0x3,0x41,0xf6,0x6,0xe,0x1,0x4f,0xfa --https-pin=0xaf,0xf9,0x88,0x90,0x6d,0xde,0x12,0x95,0x5d,0x9b,0xeb,0xbf,0x92,0x8f,0xdc,0xc3,0x1c,0xce,0x32,0x8d,0x5b,0x93,0x84,0xf2,0x1c,0x89,0x41,0xca,0x26,0xe2,0x3,0x91 --https-pin=0x5a,0x88,0x96,0x47,0x22,0xe,0x54,0xd6,0xbd,0x8a,0x16,0x81,0x72,0x24,0x52,0xb,0xb5,0xc7,0x8e,0x58,0x98,0x4b,0xd5,0x70,0x50,0x63,0x88,0xb9,0xde,0xf,0x7,0x5f --https-pin=0xfe,0xa2,0xb7,0xd6,0x45,0xfb,0xa7,0x3d,0x75,0x3c,0x1e,0xc9,0xa7,0x87,0xc,0x40,0xe1,0xf7,0xb0,0xc5,0x61,0xe9,0x27,0xb9,0x85,0xbf,0x71,0x18,0x66,0xe3,0x6f,0x22 --https-pin=0x76,0xee,0x85,0x90,0x37,0x4c,0x71,0x54,0x37,0xbb,0xca,0x6b,0xba,0x60,0x28,0xea,0xdd,0xe2,0xdc,0x6d,0xbb,0xb8,0xc3,0xf6,0x10,0xe8,0x51,0xf1,0x1d,0x1a,0xb7,0xf5 --https-pin=0x6d,0xbf,0xae,0x0,0xd3,0x7b,0x9c,0xd7,0x3f,0x8f,0xb4,0x7d,0xe6,0x59,0x17,0xaf,0x0,0xe0,0xdd,0xdf,0x42,0xdb,0xce,0xac,0x20,0xc1,0x7c,0x2,0x75,0xee,0x20,0x95 --https-pin=0x1e,0xa3,0xc5,0xe4,0x3e,0xd6,0x6c,0x2d,0xa2,0x98,0x3a,0x42,0xa4,0xa7,0x9b,0x1e,0x90,0x67,0x86,0xce,0x9f,0x1b,0x58,0x62,0x14,0x19,0xa0,0x4,0x63,0xa8,0x7d,0x38 --https-pin=0x87,0xaf,0x34,0xd6,0x6f,0xb3,0xf2,0xfd,0xf3,0x6e,0x9,0x11,0x1e,0x9a,0xba,0x2f,0x6f,0x44,0xb2,0x7,0xf3,0x86,0x3f,0x3d,0xb,0x54,0xb2,0x50,0x23,0x90,0x9a,0xa5 --https-pin=0xbc,0xfb,0x44,0xaa,0xb9,0xad,0x2,0x10,0x15,0x70,0x6b,0x41,0x21,0xea,0x76,0x1c,0x81,0xc9,0xe8,0x89,0x67,0x59,0xf,0x6f,0x94,0xae,0x74,0x4d,0xc8,0x8b,0x78,0xfb --https-pin=0xab,0x98,0x49,0x52,0x76,0xad,0xf1,0xec,0xaf,0xf2,0x8f,0x35,0xc5,0x30,0x48,0x78,0x1e,0x5c,0x17,0x18,0xda,0xb9,0xc8,0xe6,0x7a,0x50,0x4f,0x4f,0x6a,0x51,0x32,0x8f --https-pin=0x49,0x5,0x46,0x66,0x23,0xab,0x41,0x78,0xbe,0x92,0xac,0x5c,0xbd,0x65,0x84,0xf7,0xa1,0xe1,0x7f,0x27,0x65,0x2d,0x5a,0x85,0xaf,0x89,0x50,0x4e,0xa2,0x39,0xaa,0xaa --https-pin=0x56,0x32,0xd9,0x7b,0xfa,0x77,0x5b,0xf3,0xc9,0x9d,0xde,0xa5,0x2f,0xc2,0x55,0x34,0x10,0x86,0x40,0x16,0x72,0x9c,0x52,0xdd,0x65,0x24,0xc8,0xa9,0xc3,0xb4,0x48,0x9f --https-pin=0x2a,0x8f,0x2d,0x8a,0xf0,0xeb,0x12,0x38,0x98,0xf7,0x4c,0x86,0x6a,0xc3,0xfa,0x66,0x90,0x54,0xe2,0x3c,0x17,0xbc,0x7a,0x95,0xbd,0x2,0x34,0x19,0x2d,0xc6,0x35,0xd0 --https-pin=0x32,0xb6,0x4b,0x66,0x72,0x7a,0x20,0x63,0xe4,0x6,0x6f,0x3b,0x95,0x8c,0xb0,0xaa,0xee,0x57,0x6a,0x5e,0xce,0xfd,0x95,0x33,0x99,0xbb,0x88,0x74,0x73,0x1d,0x95,0x87 --https-pin=0xf5,0x3c,0x22,0x5,0x98,0x17,0xdd,0x96,0xf4,0x0,0x65,0x16,0x39,0xd2,0xf8,0x57,0xe2,0x10,0x70,0xa5,0x9a,0xbe,0xd9,0x7,0x94,0x0,0xd9,0xf6,0x95,0x50,0x69,0x0 --https-pin=0x67,0xdc,0x4f,0x32,0xfa,0x10,0xe7,0xd0,0x1a,0x79,0xa0,0x73,0xaa,0xc,0x9e,0x2,0x12,0xec,0x2f,0xfc,0x3d,0x77,0x9e,0xa,0xa7,0xf9,0xc0,0xf0,0xe1,0xc2,0xc8,0x93 --https-pin=0x19,0x6,0xc6,0x12,0x4d,0xbb,0x43,0x85,0x78,0xd0,0xe,0x6,0x6d,0x50,0x54,0xc6,0xc3,0x7f,0xf,0xa6,0x2,0x8c,0x5,0x54,0x5e,0x9,0x94,0xed,0xda,0xec,0x86,0x29 --https-pin=0x1d,0x75,0xd0,0x83,0x1b,0x9e,0x8,0x85,0x39,0x4d,0x32,0xc7,0xa1,0xbf,0xdb,0x3d,0xbc,0x1c,0x28,0xe2,0xb0,0xe8,0x39,0x1f,0xb1,0x35,0x98,0x1d,0xbc,0x5b,0xa9,0x36 --annotation=buildno=Dropbox-mac-47.4.74 --annotation=client_session_id=f754c8d5-d6e7-46bf-9644-fe99f2130e54 --annotation=host_int_account1_boot=6154485346 --annotation=machine_id=3cff3067-1971-5527-8572-058d10063a78 --annotation=platform=mac --annotation=platform_version=10.13.4 --handshake-fd=4 
1		492		0.4		[U501]		/Applications/Unified Remote.app/Contents/MacOS/Unified Remote 
488		493		0.0		[U501]		/Applications/Dropbox.app/Contents/MacOS/Dropbox -type:exit-monitor -python-version:2.7.11 -method:collectupload -session-token:f754c8d5-d6e7-46bf-9644-fe99f2130e54 -target-handle:488 -target-shutdown-event:4 -target-command-line:/Applications/Dropbox.app/Contents/MacOS/Dropbox 
1		494		0.0		[U501]		/System/Library/PrivateFrameworks/CallHistory.framework/Support/CallHistoryPluginHelper 
1		495		0.0		[U501]		/System/Library/Input Methods/PressAndHold.app/Contents/PlugIns/PAH_Extension.appex/Contents/MacOS/PAH_Extension 
1		497		0.0		[U501]		/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/corespotlightd 
1		498		0.0		[U501]		/usr/libexec/swcd 
1		505		0.0		[U501]		/System/Library/CoreServices/NotificationCenter.app/Contents/XPCServices/com.apple.notificationcenterui.WeatherSummary.xpc/Contents/MacOS/com.apple.notificationcenterui.WeatherSummary 
1		533		0.0		[U501]		/System/Library/CoreServices/pbs 
1		544		0.0		[U501]		/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary 
1		546		0.0		[U501]		/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/XPCServices/ContainerMetadataExtractor.xpc/Contents/MacOS/ContainerMetadataExtractor 
1		574		0.0		[U501]		/usr/libexec/loginitemregisterd 
1		575		0.0		root		/usr/libexec/smd 
1		576		0.0		[U501]		/System/Library/PrivateFrameworks/ProtectedCloudStorage.framework/Helpers/ProtectedCloudKeySyncing 
1		592		0.0		[U501]		/System/Library/PrivateFrameworks/CacheDelete.framework/deleted 
1		594		0.0		[U501]		/usr/libexec/videosubscriptionsd 
1		612		0.0		[U501]		/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdate_notify_agent 
1		613		0.0		[U501]		/usr/libexec/spindump_agent 
1		614		0.0		root		/usr/libexec/diskmanagementd 
1		617		0.0		_softwareupdate		/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated 
1		622		0.0		root		/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd 
1		627		0.0		[U501]		/Applications/Dropbox.app/Contents/XPCServices/DropboxActivityProvider.xpc/Contents/MacOS/DropboxActivityProvider 
1		629		0.0		root		/usr/libexec/taskgated -s 
1		630		0.0		[U501]		/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storelegacy 
1		631		0.0		[U501]		/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/XPCServices/media-indexer.xpc/Contents/MacOS/media-indexer 
488		648		0.0		root		/Library/DropboxHelperTools/Dropbox_u501/dbfseventsd 
648		649		0.0		root		/Library/DropboxHelperTools/Dropbox_u501/dbfseventsd 
649		650		0.0		[U501]		/Library/DropboxHelperTools/Dropbox_u501/dbfseventsd 
1		652		0.0		[U501]		/Applications/Dropbox.app/Contents/XPCServices/DropboxFolderTagger.xpc/Contents/MacOS/DropboxFolderTagger 
1		660		0.0		_locationd		/usr/sbin/distnoted agent 
1		676		0.0		[U501]		/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeassetd 
1		718		0.0		root		/Library/Application Support/Avast/components/fileshield/com.avast.fileshield 
1		723		0.0		root		/Library/Application Support/Avast/components/service/com.avast.service 
1		752		0.0		root		/Library/Application Support/Avast/components/proxy/com.avast.proxy -n 
1		793		0.0		root		/Library/Application Support/Avast/components/wifiguard/com.avast.wifiguard 
1		820		0.0		[U501]		/Library/Application Support/Avast/components/helper/com.avast.helper.app/Contents/MacOS/com.avast.helper 
1		842		0.0		[U501]		/Library/Frameworks/iTunesLibrary.framework/Versions/A/XPCServices/com.apple.iTunesLibraryService.xpc/Contents/MacOS/com.apple.iTunesLibraryService 
253		843		0.0		_lp		KONICA_MINOLTA_magicolor_1650W		121		[U501]		Parkinweis.pdf		9		AP_ColorMatchingMode=AP_ApplicationColorMatching		AP_D_InputSlot=		noBookletBinding..b.		BookletType..n.=0		collate		com.apple.print.DocumentTicket.PMSpoolFormat=application/pdf		com.apple.print.JobInfo.PMApplicationName=Vorschau		com.apple.print.JobInfo.PMJobName=Parkinweis.pdf		com.apple.print.JobInfo.PMJobOwner=Marlen\		Teske		com.apple.print.PageToPaperMappingMediaName=A4		com.apple.print.PageToPaperMappingType..n.=1		com.apple.print.preset.Orientation..n.=1		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.0..n.=0		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.1..n.=0		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.2..n.=818		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.3..n.=571		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.0..n.=-12		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.1..n.=-12		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.2..n.=830		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.3..n.=583		nocom.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMCustomPaper..b.		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMPaperName=iso-a4		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.0..n.=0		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.1..n.=0		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.2..n.=818		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.3..n.=571		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.0..n.=-12		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.1..n.=-12		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.2..n.=830		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.3..n.=583		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.ppd.PMPaperName=A4		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.ticket.type=com.apple.print.PaperInfoTicket		com.apple.print.preset.PaperInfo..d.paperInfo..d.PMPPDPaperCodeName=A4		com.apple.print.preset.PaperInfo..d.paperInfo..d.PMPPDTranslationStringPaperName=DIN\		A4		com.apple.print.preset.PaperInfo..d.paperInfo..d.PMTiogaPaperName=iso-a4		com.apple.print.PrinterInfo.PMColorDeviceID..n.=39221		com.apple.print.PrintSettings.PMColorMatchingMode..n.=0		com.apple.print.PrintSettings.PMColorSpaceModel..n.=2		com.apple.print.PrintSettings.PMCopies..n.=9		com.apple.print.PrintSettings.PMCopyCollate..b.		com.apple.print.PrintSettings.PMDestinationType..n.=1		com.apple.print.PrintSettings.PMFirstPage..n.=1		com.apple.print.PrintSettings.PMLastPage..n.=2147483647		com.apple.print.PrintSettings.PMLayoutColumns..n.=1		com.apple.print.PrintSettings.PMLayoutRows..n.=1		com.apple.print.PrintSettings.PMPageRange..a.0..n.=1		com.apple.print.PrintSettings.PMPageRange..a.1..n.=2147483647		DestinationPrinterID=KONICA_MINOLTA_magicolor_1650W		media=A4		PaperInfoIsSuggested..b.		noPDFIsProtected..b.		pserrorhandler-requested=standard		job-uuid=urn:uuid:04da6b0d-13ff-3f48-7e39-c13c3d59938c		job-originating-host-name=localhost		date-time-at-creation=		date-time-at-processing=		time-at-creation=1521392709		time-at-processing=1524029943		document-name-supplied=Parkinweis.pdf		job-impressions=9		com.apple.print.PrintSettings.PMTotalSidesImaged..n.=9		sides=one-sided		Duplex=None		com.apple.print.PrintSettings.PMTotalBeginPages..n.=1		PageSize=A4		/private/var/spool/cups/d00121-001 
253		844		0.0		_lp		KONICA_MINOLTA_magicolor_1650W		121		[U501]		Parkinweis.pdf		9		AP_ColorMatchingMode=AP_ApplicationColorMatching		AP_D_InputSlot=		noBookletBinding..b.		BookletType..n.=0		collate		com.apple.print.DocumentTicket.PMSpoolFormat=application/pdf		com.apple.print.JobInfo.PMApplicationName=Vorschau		com.apple.print.JobInfo.PMJobName=Parkinweis.pdf		com.apple.print.JobInfo.PMJobOwner=Marlen\		Teske		com.apple.print.PageToPaperMappingMediaName=A4		com.apple.print.PageToPaperMappingType..n.=1		com.apple.print.preset.Orientation..n.=1		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.0..n.=0		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.1..n.=0		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.2..n.=818		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.3..n.=571		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.0..n.=-12		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.1..n.=-12		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.2..n.=830		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.3..n.=583		nocom.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMCustomPaper..b.		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMPaperName=iso-a4		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.0..n.=0		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.1..n.=0		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.2..n.=818		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.3..n.=571		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.0..n.=-12		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.1..n.=-12		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.2..n.=830		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.3..n.=583		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.ppd.PMPaperName=A4		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.ticket.type=com.apple.print.PaperInfoTicket		com.apple.print.preset.PaperInfo..d.paperInfo..d.PMPPDPaperCodeName=A4		com.apple.print.preset.PaperInfo..d.paperInfo..d.PMPPDTranslationStringPaperName=DIN\		A4		com.apple.print.preset.PaperInfo..d.paperInfo..d.PMTiogaPaperName=iso-a4		com.apple.print.PrinterInfo.PMColorDeviceID..n.=39221		com.apple.print.PrintSettings.PMColorMatchingMode..n.=0		com.apple.print.PrintSettings.PMColorSpaceModel..n.=2		com.apple.print.PrintSettings.PMCopies..n.=9		com.apple.print.PrintSettings.PMCopyCollate..b.		com.apple.print.PrintSettings.PMDestinationType..n.=1		com.apple.print.PrintSettings.PMFirstPage..n.=1		com.apple.print.PrintSettings.PMLastPage..n.=2147483647		com.apple.print.PrintSettings.PMLayoutColumns..n.=1		com.apple.print.PrintSettings.PMLayoutRows..n.=1		com.apple.print.PrintSettings.PMPageRange..a.0..n.=1		com.apple.print.PrintSettings.PMPageRange..a.1..n.=2147483647		DestinationPrinterID=KONICA_MINOLTA_magicolor_1650W		media=A4		PaperInfoIsSuggested..b.		noPDFIsProtected..b.		pserrorhandler-requested=standard		job-uuid=urn:uuid:04da6b0d-13ff-3f48-7e39-c13c3d59938c		job-originating-host-name=localhost		date-time-at-creation=		date-time-at-processing=		time-at-creation=1521392709		time-at-processing=1524029943		document-name-supplied=Parkinweis.pdf		job-impressions=9		com.apple.print.PrintSettings.PMTotalSidesImaged..n.=9		sides=one-sided		Duplex=None		com.apple.print.PrintSettings.PMTotalBeginPages..n.=1		PageSize=A4		
253		845		0.0		_lp		socket://192.168.000.177/		121		[U501]		Parkinweis.pdf		9		AP_ColorMatchingMode=AP_ApplicationColorMatching		AP_D_InputSlot=		noBookletBinding..b.		BookletType..n.=0		collate		com.apple.print.DocumentTicket.PMSpoolFormat=application/pdf		com.apple.print.JobInfo.PMApplicationName=Vorschau		com.apple.print.JobInfo.PMJobName=Parkinweis.pdf		com.apple.print.JobInfo.PMJobOwner=Marlen\		Teske		com.apple.print.PageToPaperMappingMediaName=A4		com.apple.print.PageToPaperMappingType..n.=1		com.apple.print.preset.Orientation..n.=1		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.0..n.=0		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.1..n.=0		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.2..n.=818		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPageRect..a.3..n.=571		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.0..n.=-12		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.1..n.=-12		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.2..n.=830		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PageFormat.PMAdjustedPaperRect..a.3..n.=583		nocom.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMCustomPaper..b.		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMPaperName=iso-a4		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.0..n.=0		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.1..n.=0		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.2..n.=818		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPageRect..a.3..n.=571		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.0..n.=-12		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.1..n.=-12		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.2..n.=830		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.PMUnadjustedPaperRect..a.3..n.=583		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.PaperInfo.ppd.PMPaperName=A4		com.apple.print.preset.PaperInfo..d.paperInfo..d.com.apple.print.ticket.type=com.apple.print.PaperInfoTicket		com.apple.print.preset.PaperInfo..d.paperInfo..d.PMPPDPaperCodeName=A4		com.apple.print.preset.PaperInfo..d.paperInfo..d.PMPPDTranslationStringPaperName=DIN\		A4		com.apple.print.preset.PaperInfo..d.paperInfo..d.PMTiogaPaperName=iso-a4		com.apple.print.PrinterInfo.PMColorDeviceID..n.=39221		com.apple.print.PrintSettings.PMColorMatchingMode..n.=0		com.apple.print.PrintSettings.PMColorSpaceModel..n.=2		com.apple.print.PrintSettings.PMCopies..n.=9		com.apple.print.PrintSettings.PMCopyCollate..b.		com.apple.print.PrintSettings.PMDestinationType..n.=1		com.apple.print.PrintSettings.PMFirstPage..n.=1		com.apple.print.PrintSettings.PMLastPage..n.=2147483647		com.apple.print.PrintSettings.PMLayoutColumns..n.=1		com.apple.print.PrintSettings.PMLayoutRows..n.=1		com.apple.print.PrintSettings.PMPageRange..a.0..n.=1		com.apple.print.PrintSettings.PMPageRange..a.1..n.=2147483647		DestinationPrinterID=KONICA_MINOLTA_magicolor_1650W		media=A4		PaperInfoIsSuggested..b.		noPDFIsProtected..b.		pserrorhandler-requested=standard		job-uuid=urn:uuid:04da6b0d-13ff-3f48-7e39-c13c3d59938c		job-originating-host-name=localhost		date-time-at-creation=		date-time-at-processing=		time-at-creation=1521392709		time-at-processing=1524029943		document-name-supplied=Parkinweis.pdf		job-impressions=9		com.apple.print.PrintSettings.PMTotalSidesImaged..n.=9		sides=one-sided		Duplex=None		com.apple.print.PrintSettings.PMTotalBeginPages..n.=1		PageSize=A4		
1		846		0.0		[U501]		/System/Library/PrivateFrameworks/CommerceKit.framework/Resources/LaterAgent.app/Contents/MacOS/LaterAgent 
1		847		0.0		[U501]		/System/Library/PrivateFrameworks/QuickLookThumbnailing.framework/Support/com.apple.quicklook.ThumbnailsAgent 
1		849		0.0		root		/usr/libexec/dmd 
1		850		0.0		[U501]		/System/Library/PrivateFrameworks/PhotoLibraryPrivate.framework/Versions/A/Support/photolibraryd 
1		852		0.0		[U501]		/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistant_service 
1		853		0.0		[U501]		/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared 
1		854		0.0		[U501]		/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared 
1		855		0.0		[U501]		/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared 
1		856		0.0		[U501]		/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared 
1		857		0.0		[U501]		/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared 
1		858		0.0		[U501]		/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar 
1		859		0.0		[U501]		/System/Library/CoreServices/CoreServicesUIAgent.app/Contents/MacOS/CoreServicesUIAgent 
1		862		0.0		_spotlight		/usr/libexec/trustd --agent 
1		864		0.0		[U501]		/System/Library/PrivateFrameworks/PhotoLibraryPrivate.framework/Versions/A/Frameworks/PhotoLibraryServices.framework/Versions/A/XPCServices/com.apple.photomoments.xpc/Contents/MacOS/com.apple.photomoments 
1		865		0.0		[U501]		/System/Library/CoreServices/ScopedBookmarkAgent 
1		866		0.0		[U501]		/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper 
1		867		0.0		[U501]		/System/Library/PrivateFrameworks/PhotoLibrary.framework/Versions/A/XPCServices/com.apple.PhotoIngestService.xpc/Contents/MacOS/com.apple.PhotoIngestService 
1		868		0.0		[U501]		/System/Library/PrivateFrameworks/AssetCacheServices.framework/Versions/A/XPCServices/AssetCacheLocatorService.xpc/Contents/MacOS/AssetCacheLocatorService -a 
1		869		0.0		_assetcache		/usr/libexec/AssetCache/AssetCache 
1		870		0.0		[U501]		/Library/Frameworks/iTunesLibrary.framework/Versions/A/XPCServices/com.apple.iTunesLibraryService.xpc/Contents/MacOS/com.apple.iTunesLibraryService 
1		873		0.0		_spotlight		/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared 
1		874		0.0		_spotlight		/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared 
1		875		0.0		_spotlight		/usr/sbin/distnoted agent 
1		878		0.0		[U501]		/System/Library/CoreServices/Siri.app/Contents/XPCServices/SiriNCService.xpc/Contents/MacOS/SiriNCService 
1		879		0.0		_spotlight		/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared 
1		880		0.0		_spotlight		/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared 
1		881		8.3		[U501]		/Applications/Google Chrome.app/Contents/MacOS/Google Chrome 
1		882		0.0		_gamecontrollerd		/usr/libexec/gamecontrollerd 
1		884		0.0		[U501]		/Applications/Google Chrome.app/Contents/Versions/65.0.3325.181/Google Chrome Framework.framework/Helpers/crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/Users/[U501]/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/Users/[U501]/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=65.0.3325.181 --handshake-fd=9 
881		886		0.0		[U501]		/Applications/Google Chrome.app/Contents/Versions/65.0.3325.181/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=gpu-process --field-trial-handle=2815163317949699066,4040934811228552914,131072 --gpu-preferences=KAAAAAAAAAAAAQAAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAAOAAAAAbAAAA2AAAAAAAAADgAAAAAAAAAOgAAAAAAAAA8AAAAAAAAAD4AAAAAAAAAAABAAAAAAAACAEAAAAAAAAQAQAAAAAAABgBAAAAAAAAIAEAAAAAAAAoAQAAAAAAADABAAAAAAAAOAEAAAAAAABAAQAAAAAAAEgBAAAAAAAAUAEAAAAAAABYAQAAAAAAAGABAAAAAAAAaAEAAAAAAABwAQAAAAAAAHgBAAAAAAAAgAEAAAAAAACIAQAAAAAAAJABAAAAAAAAmAEAAAAAAACgAQAAAAAAAKgBAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAsAAAAQAAAAAAAAAAAAAAAMAAAAEAAAAAAAAAAAAAAADgAAABAAAAAAAAAAAAAAAA8AAAAQAAAAAAAAAAAAAAARAAAAEAAAAAAAAAAAAAAAEgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAALAAAAEAAAAAAAAAABAAAADAAAABAAAAAAAAAAAQAAAA4AAAAQAAAAAAAAAAEAAAAPAAAAEAAAAAAAAAABAAAAEQAAABAAAAAAAAAAAQAAABIAAAAQAAAAAAAAAAMAAAALAAAAEAAAAAAAAAADAAAADAAAABAAAAAAAAAAAwAAAA4AAAAQAAAAAAAAAAUAAAAFAAAAEAAAAAAAAAAFAAAADgAAABAAAAAAAAAABQAAAA8AAAAQAAAAAAAAAAUAAAARAAAAEAAAAAAAAAAFAAAAEgAAABAAAAAAAAAABgAAAAUAAAAQAAAAAAAAAAYAAAAOAAAAEAAAAAAAAAAGAAAADwAAABAAAAAAAAAABgAAABEAAAAQAAAAAAAAAAYAAAASAAAA --gpu-vendor-id=0x8086 --gpu-device-id=0x1626 --gpu-driver-vendor --gpu-driver-version --gpu-driver-date --gpu-active-vendor-id=0x8086 --gpu-active-device-id=0x1626 --service-request-channel-token=35EBE6D4E550B1BB4C3FE95F38001DD3 
1		887		0.0		[U501]		/Applications/Google Chrome.app/Contents/Versions/65.0.3325.181/Google Chrome Framework.framework/Versions/A/XPCServices/AlertNotificationService.xpc/Contents/MacOS/AlertNotificationService 
1		895		0.0		[U501]		/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService 
881		903		0.2		[U501]		/Applications/Google Chrome.app/Contents/Versions/65.0.3325.181/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=renderer --field-trial-handle=2815163317949699066,4040934811228552914,131072 --service-pipe-token=C855E745FE696534AEE8DEC5EE7D680C --lang=de --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --num-raster-threads=2 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=C855E745FE696534AEE8DEC5EE7D680C --renderer-client-id=14 
1		904		0.0		[U501]		/System/Library/Services/AppleSpell.service/Contents/MacOS/AppleSpell 
1		1116		0.0		[U501]		/System/Library/PrivateFrameworks/HelpData.framework/Versions/A/Resources/helpd 
1		1120		0.0		root		/System/Library/PrivateFrameworks/InstallerDiagnostics.framework/Versions/A/Resources/installerdiagd 
1		1121		0.0		root		/usr/libexec/rtcreportingd 
1		1125		0.0		[U501]		/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.single 
1		1126		0.0		[U501]		/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.single 
1		1127		0.0		[U501]		/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.single 
1		1163		0.0		[U501]		/System/Library/Frameworks/Metal.framework/Versions/A/XPCServices/MTLCompilerService.xpc/Contents/MacOS/MTLCompilerService 
1		1169		0.0		root		/System/Library/Frameworks/Metal.framework/Versions/A/XPCServices/MTLCompilerService.xpc/Contents/MacOS/MTLCompilerService 
881		1184		0.0		[U501]		/Applications/Google Chrome.app/Contents/Versions/65.0.3325.181/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=renderer --field-trial-handle=2815163317949699066,4040934811228552914,131072 --service-pipe-token=D2E3F51CFDACD46445BCAF028F1E3325 --lang=de --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --num-raster-threads=2 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=D2E3F51CFDACD46445BCAF028F1E3325 --renderer-client-id=29 
881		1185		0.0		[U501]		/Applications/Google Chrome.app/Contents/Versions/65.0.3325.181/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=renderer --field-trial-handle=2815163317949699066,4040934811228552914,131072 --service-pipe-token=D8B6BB786BF048D9F72A1EEC2149E424 --lang=de --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --num-raster-threads=2 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=D8B6BB786BF048D9F72A1EEC2149E424 --renderer-client-id=30 
881		1186		0.0		[U501]		/Applications/Google Chrome.app/Contents/Versions/65.0.3325.181/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=renderer --field-trial-handle=2815163317949699066,4040934811228552914,131072 --service-pipe-token=79CDC23EF3DA55C4A6D5ADCC5FC070D5 --lang=de --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --num-raster-threads=2 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=79CDC23EF3DA55C4A6D5ADCC5FC070D5 --renderer-client-id=31 
881		1187		0.0		[U501]		/Applications/Google Chrome.app/Contents/Versions/65.0.3325.181/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=renderer --field-trial-handle=2815163317949699066,4040934811228552914,131072 --service-pipe-token=2B208D48072F80158389F15C63FBC15B --lang=de --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --num-raster-threads=2 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=2B208D48072F80158389F15C63FBC15B --renderer-client-id=32 
1		1277		0.0		[U501]		/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService 
1		1278		0.0		root		/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd 
1		1280		0.0		[U501]		/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 13756C99-FA72-4494-B88C-E98220045D3F -post-exec 4 
1		1317		0.0		_spotlight		/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.single 
1		1591		0.0		[U501]		/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd 
1		1592		0.0		root		/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd 
1		1593		0.0		root		/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd 
1		1594		0.0		root		/usr/bin/sysdiagnose 
1		1596		0.0		[U501]		/System/Library/Frameworks/MediaLibrary.framework/Versions/A/XPCServices/com.apple.MediaLibraryService.xpc/Contents/MacOS/com.apple.MediaLibraryService 
1		1729		0.0		[U501]		/Applications/Safari.app/Contents/MacOS/Safari 
1		1730		0.0		[U501]		/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History 
1		1731		0.0		[U501]		/System/Library/Frameworks/Metal.framework/Versions/A/XPCServices/MTLCompilerService.xpc/Contents/MacOS/MTLCompilerService 
1		1732		0.0		[U501]		/System/Library/PrivateFrameworks/SyncedDefaults.framework/Support/syncdefaultsd 
1		1734		0.0		[U501]		/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc/Contents/MacOS/com.apple.WebKit.Networking 
1		1735		0.0		[U501]		/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service 
1		1736		0.0		root		/usr/libexec/dprivacyd 
1		1738		0.0		[U501]		/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService 
1		1761		0.0		[U501]		/System/Library/Frameworks/AddressBook.framework/Versions/A/Helpers/AddressBookSourceSync.app/Contents/MacOS/AddressBookSourceSync 
1		1762		0.0		root		/System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd 
1		1764		6.9		[U501]		/Applications/DetectX Swift.app/Contents/MacOS/DetectX Swift 
1		1890		0.0		[U501]		/System/Library/Frameworks/Metal.framework/Versions/A/XPCServices/MTLCompilerService.xpc/Contents/MacOS/MTLCompilerService 

«»EOF»«

Als ich den Rechner vorhin gestartet habe, habe ich nochmal auf die Seiten geachtet. Erst öffnet sich "adstore.club" oder so ähnlich, leider war es nur kurz zu sehen, und danach "myhompage.info" (ja, ohne "e").

wann sich das öffnet ist sehr sporadisch, aber ich melde mich einfach, wenn es nochmal passiert. Vielen Dank soweit!

mfg

Dante12 · 18.04.2018, 17:13

Zitat:

Wäre es aber nicht ein bisschen Paradox, dass ein AntiVirus Hersteller Malware verbreitet?

Der Artikel unten ist von 2014 aber eine neuere Version macht das alles nicht vertrauenswürdiger...

The Safe Mac » Avast installs adware!

Hast du das Log nach einer Deinstallation von Avast und nach einem Neustart erstellt? Es sieht nicht danach aus als ob es entfernt wurde. Um es komplett zu entfernen musst du den hauseigenen Uninstaller nutzen.

Wenn das Problem weiter besteht, müssen wir zuerst alle Eventualitäten eliminieren, dazu gehört auch Avast.

LiLciL · 19.04.2018, 18:35

hmm.. das ist allerdings seltsam, denn ich habe Avast auf allen meinen Geräten installiert und sowas ist bis jetzt noch nicht vorgekommen. das hier ist allerdings der erste Mac.

Ich habe das so desinstalliert, wie es in dem Link stand (Avast Secure Line, nicht das ganze Avast)

Es hat sich jetzt wieder diese Seite geöffnet. Also Avast mal deinstallieren? Welches AntiVirus Programm empfiehlst du?

mfg

Dante12 · 20.04.2018, 23:17

Das Proble muss nicht zwingend von deinem Rechner aus gehen, der Auslöser könnte auch über JavaScript auf der besuchten Webseite selbst das Problem darstellen.

Wenn du in Google Chrome Javascript abschaltest, erhältst du weiterhin popups? - Teste das mal bitte - gebe in der Adresszeile von Chrome folgendes ein oder kopiere es dorthin:

Code:

ATTFilter

chrome://settings/content/javascript

Deaktiviere JavaScript und teste auf der Problemseite.

Berichte wie es gelaufen ist, in der Zwischenzeit erstelle doch bitte ein neues Log mit EtreCheck.

Frage: Tritt das Problem auch mit anderen Browsern auf?

LiLciL · 24.04.2018, 21:19

Hi,

habe gar nicht mitbekommen, dass es hier eine neue Antwort gab.

Zitat:

Zitat von Dante12

Deaktiviere JavaScript und teste auf der Problemseite.

Habe ich deaktiviert, aber proaktiv testen kann ich es ja nicht, die Seite(n) öffnet/n sich sporadisch.

Hier der EtreCheck:

Code:

ATTFilter

EtreCheck version: 4.2.1 (4C020)
Report generated: 2018-04-24 08:37:06
Download EtreCheck from https://etrecheck.com
Runtime: 5:04
Performance: Below Average

Problem: No problem - just checking

Major Issues:
  Anything that appears on this list needs immediate attention.
  No Time Machine backup - Time Machine backup not found.

Minor Issues:
  These issues do not need immediate attention but they may indicate future problems.
  Clean up - There are orphan files that could be removed.
  Unsigned files - There is unsigned software installed. They appear to be legitimate but should be reviewed.
  Low performance - EtreCheck report took over 5 minutes to run. This is unusual.
  32-bit Apps - This machine has 32-bits apps that may have problems in the future.

Hardware Information:
  MacBook Air (11-inch, Early 2015)
  MacBook Air Model: MacBookAir7,1
  1 1,6 GHz Intel Core i5 (i5-5250U) CPU: 2-core
  4 RAM Not upgradeable
    BANK 0/DIMM0 - 2 GB DDR3 1600  ok
    BANK 1/DIMM0 - 2 GB DDR3 1600  ok
  Battery: Health = Normal - Cycle count = 79

Video Information:
  Intel HD Graphics 6000 - VRAM: 1536 MB
    Color LCD 1366 x 768

Drives:
  disk0 - APPLE SSD SD0128F 121.33 GB (Solid State - TRIM: Yes) 
  Internal PCI 5.0 GT/s x2 Serial ATA
    disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
    disk0s2 () 121.12 GB
      disk1s1 - O*********2 (APFS) 121.12 GB (99.62 GB used)
      disk1s2 - Preboot (APFS) [APFS Preboot] 121.12 GB (21 MB used)
      disk1s3 - Recovery (APFS) [Recovery] 121.12 GB (518 MB used)
      disk1s4 - VM (APFS) [APFS VM] 121.12 GB (2.15 GB used)

Mounted Volumes:
  disk1s1 - O*********2 121.12 GB (18.69 GB free)
  APFS
  Mount point: /
  Encrypted

  disk1s4 - VM [APFS VM]  121.12 GB (18.69 GB free)
  APFS
  Mount point: /private/var/vm
  
Network:
  Interface en3: iPhone
  Interface en0: Wi-Fi
    802.11 a/b/g/n/ac
    One IPv4 address
    2 IPv6 addresses
  Interface en2: Bluetooth PAN
  Interface bridge0: Thunderbolt Bridge
  iCloud Quota: 33.57 GB available

System Software:
  macOS High Sierra 10.13.4 (17E199) 
  Time since boot: Less than an hour
  System Load: 2.52 (1 min ago) 2.80 (5 min ago) 5.24 (15 min ago)

Security:
  System                       Status
  Gatekeeper                   Mac App Store and identified developers
  System Integrity Protection  Enabled

Unsigned Files:
  Launchd: /Library/LaunchDaemons/com.avast.uninstall.plist
    Executable: /Library/Application Support/Avast/hub/autouninstall.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchAgents/com.avast.userinit.plist
    Executable: /Library/Application Support/Avast/hub/userinit.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchDaemons/com.avast.init.plist
    Executable: /Library/Application Support/Avast/hub/init.sh
    Details: Exact match found in the whitelist - probably OK
  Launchd: /Library/LaunchDaemons/com.avast.update.plist
    Executable: /Library/Application Support/Avast/components/update/update.sh
    Details: Exact match found in the whitelist - probably OK

32-bit Applications:
  6 32-bit apps

Kernel Extensions:
  /Library/Application Support/Avast/components/fileshield/signed
    [Loaded]     AvastFileShield.kext (4.0.0 - SDK 10.12)

  /Library/Application Support/Avast/components/proxy/signed
    [Loaded]     AvastPacketForwarder.kext (2.1 - SDK 10.12)

  /Library/Extensions
    [Loaded]     MB_MBAM_Protection.kext (3.2 - SDK 10.13)

System Launch Agents:
  [Not Loaded]  8 Apple tasks
  [Loaded]      165 Apple tasks
  [Running]     119 Apple tasks
  [Other]       One Apple task

System Launch Daemons:
  [Not Loaded]  37 Apple tasks
  [Loaded]      182 Apple tasks
  [Running]     116 Apple tasks

Launch Agents:
  [Loaded]     com.microsoft.update.agent.plist (Microsoft Corporation - installed 2018-04-16)
  [Loaded]     com.avast.userinit.plist (? bb25154c  - installed 2018-03-11)
  [Running]    com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2018-02-26)

Launch Daemons:
  [Running]    com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2018-02-26)
  [Loaded]     com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2018-04-16)
  [Loaded]     com.avast.uninstall.plist (? 22f94791  - installed 2018-03-11)
  [Loaded]     com.avast.init.plist (? fc55b6fa  - installed 2018-03-11)
  [Other]      com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2018-02-26)
  [Loaded]     com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2016-01-09)
  [Loaded]     com.avast.update.plist (? 5c6ac355  - installed 2018-03-11)

User Launch Agents:
  [Loaded]     com.google.keystone.agent.plist (Google, Inc. - installed 2018-02-04)
  [Loaded]     com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2018-04-15)
  [Other]      com.avast.home.userinit.plist (? 0  - installed 2017-12-20)
  [Loaded]     com.sqwarq.DetectX-Swift.observer.plist (Philip Stokes - installed 2018-04-18)

User Login Items:
  Unified Remote Programm (Unified Intents AB
     (/Applications/Unified Remote.app)
  Dropbox Programm (Dropbox, Inc.
     (/Applications/Dropbox.app)
  iTunesHelper Programm (Apple - installed 2018-04-08)
     (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

Internet Plug-ins:
  QuickTime Plugin: 7.7.3 (installed 2018-04-17)

Time Machine:
  Time Machine Not Configured!

Top Processes by CPU:
  Process (count)           Source          % of CPU
  Google Chrome Helper (8)  Google, Inc.         46 
  Google Chrome             Google, Inc.         20 
  WindowServer              Apple                19 
  kernel_task               Apple                 9 
  helpd                     Apple                 7 

Top Processes by Memory:
  Process (count)                   Source          RAM usage
  kernel_task                       Apple              610 MB
  Google Chrome Helper (8)          Google, Inc.       414 MB
  com.apple.WebKit.WebContent (10)  Apple              365 MB
  mdworker (18)                     Apple              241 MB
  Google Chrome                     Google, Inc.       119 MB

Top Processes by Network Use:
  Process          Source                 Input  Output
  Dropbox          Dropbox, Inc.         100 KB  251 KB
  mDNSResponder    Apple                  63 KB   38 KB
  netbiosd         Apple                  12 KB    6 KB
  apsd             Apple                   4 KB    4 KB
  com.avast.proxy  AVAST Software a.s.     6 KB    2 KB

Top Processes by Energy Use:
  Process (count)           Source                 Energy usage (0-100)
  Google Chrome Helper (8)  Google, Inc.           21
  WindowServer              Apple                  14
  Google Chrome             Google, Inc.           8
  Microsoft Excel           Microsoft Corporation  2
  hidd                      Apple                  1

Virtual Memory Information:
  Available RAM    989 MB
  Free RAM          19 MB
  Used RAM        3.03 GB
  Cached files     971 MB
  Swap Used        202 MB

Clean up:
  ~/Library/LaunchAgents/com.avast.home.userinit.plist
    /Users/***/Library/Application Support/Avast/hub/userinit.sh
    Executable not found

Diagnostics Information (past 7 days):
  2018-04-17 09:27:45 CalendarAgent Crash (once)

End of report

Das Problem tritt nur in Chrome auf.

Ich melde mich wieder, wenn es auftritt (oder ne ganze Weile nicht mehr

)

MfG

Hey,
die Seite hat sich wieder geöffnet.

MfG

Dante12 · 25.04.2018, 08:09

EDiT

Code:

ATTFilter

~/Library/LaunchAgents/com.avast.home.userinit.plist 
/Users/***/Library/Application Support/Avast/hub/userinit.sh

Bitte erstelle einen Ordner auf deinem Desktop (benenne diesen in Avast-Init).
Kopiere oder verschiebe die beiden oben genannten Dateien in diesen Ordner.
Rechtsklick auf den Ordner und wähle "Avast-Init komprimieren".
Den gepackten Ordner bitte per PN an mich senden.

Starte bitte nochmal EtreCheck um folgende Dateien zu entfernen:

Code:

ATTFilter

~/Library/LaunchAgents/com.avast.home.userinit.plist 
/Users/***/Library/Application Support/Avast/hub/userinit.sh

Klicke auf Cleanup neben diesen Dateien die werden dann gelöscht.

Starte den Rechner neu.

Teste bitte nochmal. Ich habe nichts relevantes gefunden was zu diesen Pop-Ups führen könnte. Die einzige Komponente ist Avast aber würde mich echt wundern wenn es daran liegt.

Entferne alle Erweiterungen aus Google Chrome und teste bitte. Sollt das Problem hier nicht auftreten, dann installiere die vor dir benötigten Erweiterungen einzeln und teste wiederholt.

Frage: Kannst du mir bitte den Link zu der Seite geben bzw. die Seite die du vorher besuchst hast bevor du weitergeleitet wirst?

LiLciL · 26.04.2018, 06:49

@cosinus: weil der TE nach 3 Jahren nochmal aufwacht?

Habe dir die Dateien geschickt. Die zweite Datei war nicht in der User Library wie angegeben, sondern nur in der "normalen".

Die Seite ist hxxp://myhompage.info/
Die davor kriege ich so schnell nicht kopiert.

MfG

Habe die Seite davor jetzt doch bekommen, ohne Internet leitet die nämlich nicht weiter: hxxp://adsstore.club/

Heißt: Fehler ist wieder aufgetreten. Ich werde jetzt mal alle Erweiterungen in Chrome deaktivieren.

MfG

Dante12 · 26.04.2018, 10:24

Nutzt du Downloadportale wie z.B. Chip oder Macupdate? Freie Software von diesen Portalen kommt oft mit Adware daher.

Wie ich bereits oben geschrieben habe:

1. Deinstalliere Avast mit den hauseignen Uninstaller komplett
2. Setze Google Chrome zurück und lösche alle Erweiterungen

Klicke auf das Google Menü (drei Punkte oben rechts).
Klicke auf Einstellungen scrolle nach unten und anschliessend auf Erweitert
wieder nach unten Scrollen und Einstellungen zurücksetzen auswählen
Abschliessend auf den Button Zurücksetzen.

3. Zusätzlich führe im Terminal folgendes aus.

Code:

ATTFilter

sudo profiles list

Als Ergebnis sollte folgendes stehen:

Zitat:

There are no configuration profiles installed in the system domain

Wenn etwas anderes steht bitte kopieren und hier Posten.

4. Erstelle ein Log mit sysDiag

SysDiag

Lade dir bitte das script SysDiag.sh von unseren Server herunter
Entpacken und auf dein Desktop verschieben
Öffne dein Terminal und gebe folgendes ein (kopieren und einfügen) - du benötigst dein Admin-Passwort:
Code:
ATTFilter
```
cd ~/Desktop;sh sysDiag.sh
         
```
Auf deinem Desktop wird die Datei syslist.txt erstellt und ein Fenster mit dem Inhalt wird geöffnet.
Kopiere das Log und füge es hier ein - wie immer bitte in Code-Tags

LiLciL · 01.05.2018, 11:12

Hey, gute Nachrichten und in diesem Sinne vielen Dank für deine Hilfe!

Die Erweiterung "AdBlock Plus 1.2" oder so ähnlich (kann man bestimmt noch im Log nachlesen) hat den Fehler verursacht! Hierbei hat es sich wahrscheinlich um eine Fälschung gehandelt, die Erweiterung wurde ohne Logo angezeigt. Ich finde die Erweiterung jetzt auch nicht mehr. Jetzt habe ich das Original installiert mit dem Stoppschild als Logo in dem ABP steht.

Vielen Dank!

Dante12 · 04.05.2018, 13:57

Prima

Zitat:

Die Erweiterung "AdBlock Plus 1.2" oder so ähnlich (kann man bestimmt noch im Log nachlesen)

Hast du die Erweiterung im Papierkorb noch oder den Link zu der Seite? Ich würde das gern untersuchen.

LiLciL · 09.05.2018, 10:43

Leider nicht, im Papierkorb sehe ich keine Chrome Erweiterungen und im Erweiterungen Store finde ich es auch nicht mehr.

Google Chrome (auf Mac!) öffnet permanent automatisch Werbung

Alles rund um Mac OSX & Linux: Google Chrome (auf Mac!) öffnet permanent automatisch Werbung