Installer wurde unerwartet beendet

[Kolibri11]

Diese Meldung erscheint sofort, wenn ich meinen Account starte.
... mit folgender Fehlermeldung. Kann mir jemand weiterhelfen?

Danke


Process: Installer [1886]
Path: /Users/USER/Library/Application Support/InstallMac/InstallMac.app/Contents/MacOS/Installer
Identifier: Installer
Version: ???
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: Installer [1886]
User ID: 503

Date/Time: 2019-02-21 13:44:27.395 +0100
OS Version: Mac OS X 10.14.2 (18C54)
Report Version: 12
Anonymous UUID: 2D5D32D7-D88D-210A-E5AB-C525CFFCFF26

Sleep/Wake UUID: 8947B2D0-C2D9-47FA-BF53-FEB6AE7C0D3A

Time Awake Since Boot: 15000 seconds
Time Since Wake: 9200 seconds

System Integrity Protection: enabled

Crashed Thread: Unknown

Exception Type: EXC_CRASH (Code Signature Invalid)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Reason: Namespace CODESIGNING, Code 0x1

kernel messages:

Backtrace not available

Unknown thread crashed with X86 Thread State (64-bit):
rax: 0x0000000000000000 rbx: 0x0000000000000000 rcx: 0x0000000000000000 rdx: 0x0000000000000000
rdi: 0x0000000000000000 rsi: 0x0000000000000000 rbp: 0x0000000000000000 rsp: 0x00007ffee79abb28
r8: 0x0000000000000000 r9: 0x0000000000000000 r10: 0x0000000000000000 r11: 0x0000000000000000
r12: 0x0000000000000000 r13: 0x0000000000000000 r14: 0x0000000000000000 r15: 0x0000000000000000
rip: 0x0000000117223000 rfl: 0x0000000000000200 cr2: 0x0000000000000000

Logical CPU: 0
Error Code: 0x00000000
Trap Number: 0


Binary images description not available


External Modification Summary:
Calls made by other processes targeting this process:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
Calls made by this process:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
Calls made by all processes on this machine:
task_for_pid: 12267
thread_create: 0
thread_set_state: 0

Model: iMac18,3, BootROM 166.0.0.0.0, 4 processors, Intel Core i5, 3.4 GHz, 16 GB, SMC 2.41f1
Graphics: Radeon Pro 570, Radeon Pro 570, PCIe
Memory Module: BANK 0/DIMM0, 8 GB, DDR4, 2400 MHz, 0x802C, 0x3841544631473634485A2D324733453220202020
Memory Module: BANK 1/DIMM0, 8 GB, DDR4, 2400 MHz, 0x802C, 0x3841544631473634485A2D324733453220202020
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x16F), Broadcom BCM43xx 1.0 (7.77.61.1 AirPortDriverBrcmNIC-1305.2)
Bluetooth: Version 6.0.9f2, 3 services, 27 devices, 1 incoming serial ports
Network Service: Ethernet, Ethernet, en0
Network Service: Wi-Fi, AirPort, en1
Serial ATA Device: APPLE HDD ST1000DM003, 1 TB
USB Device: USB 3.0 Bus
USB Device: Bluetooth USB Host Controller
USB Device: FaceTime HD Camera (Built-in)
USB Device: USB Laser Mouse
USB Device: M288x Series
Thunderbolt Bus: iMac, Apple Inc., 39.2

 

[walfreiheit]

Du scheinst dir Schadsoftware eingefangen zu haben.

Lass mal EtreCheck laufen und teile uns hier das Ergebnis mit. Das ausgegebene Protokoll kannst du hier einfügen, indem du beim Erstellen eines Beitrags oben auf das +-Symbol klickst, und dann auf "</> Code".

Gegebenenfalls musst du das Protokoll aufgrund der Länge in zwei oder mehrere Beiträge aufteilen.

 

[Kolibri11]

Danke,

EtreCheck version: 5.1 (5020)

Report generated: 2019-02-21 14:09:05

Download EtreCheck from https://etrecheck.com

Runtime: 1:39

Performance: Excellent

Sandbox: Enabled

Full drive access: Disabled


Problem: Apps are crashing


Major Issues:

Anything that appears on this list needs immediate attention.


Adware - Adware detected.


Minor Issues:

These issues do not need immediate attention but they may indicate future problems.


Unsigned files - There are unsigned software files installed. They appear to be legitimate but should be reviewed.

Limited drive access - More information may be available with Full Drive Access.


Hardware Information:

iMac (Retina 5K, 27-inch, 2017)

iMac Model: iMac18,3

1 3.4 GHz Intel Core i5 (i5-7500) CPU: 4-core

16 GB RAM - Upgradeable

BANK 0/DIMM0 - 8 GB DDR4 2400 ok

BANK 0/DIMM1 - Empty

BANK 1/DIMM0 - 8 GB DDR4 2400 ok

BANK 1/DIMM1 - Empty


Video Information:

Radeon Pro 570 - VRAM: 4096 MB

iMac 5120 x 2880


Drives:

disk0 - APPLE HDD ST1000DM003 1.00 TB (Mechanical - 7200 RPM)

Internal SATA 6 Gigabit Serial ATA

disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB

disk0s2 [APFS Fusion Drive] 1000.00 GB

disk2 [APFS Virtual drive] 1.03 TB (Shared by 4 volumes)

disk2s1 - Macintosh HD (APFS) (Shared - 163.39 GB used)

disk2s2 - Preboot (APFS) [APFS Preboot] (Shared)

disk2s3 - Recovery (APFS) [Recovery] (Shared)

disk2s4 - VM (APFS) [APFS VM] (Shared - 2.15 GB used)


disk1 - APPLE SSD SM0032L 28.00 GB (Solid State - TRIM: Yes)

Internal PCI-Express 8.0 GT/s x2 NVM Express

disk1s1 - EFI [EFI] 315 MB

disk1s2 [APFS Fusion Drive] 27.69 GB

disk2 [APFS Virtual drive] 1.03 TB (Shared by 4 volumes)

disk2s1 - Macintosh HD (APFS) (Shared - 163.39 GB used)

disk2s2 - Preboot (APFS) [APFS Preboot] (Shared)

disk2s3 - Recovery (APFS) [Recovery] (Shared)

disk2s4 - VM (APFS) [APFS VM] (Shared - 2.15 GB used)


Mounted Volumes:

disk2s1 - Macintosh HD 1.03 TB (857.07 GB free)

APFS

Mount point: /


disk2s4 - VM [APFS VM] (Shared - 2.15 GB used)

APFS

Mount point: /private/var/vm


Network:

Interface en0: Ethernet

Interface bridge0: Thunderbolt Bridge

Interface en1: Wi-Fi

802.11 a/b/g/n/ac

Interface en4: Bluetooth PAN


System Software:

macOS Mojave 10.14.2 (18C54)

Time since boot: About 5 hours

 

[Kolibri11]

Security:

GatekeeperEnabled

System Integrity ProtectionEnabled


Adware:

Launchd: ~/Library/LaunchAgents/InstallMac.AppVemoral.plist

Reason: Adware name match

Executable: ~/Library/Application Support/InstallMac/InstallMac.app/Contents/MacOS/Installer -trigger AppRemoval -isDev 0 -installVersion 1411 -firstAppId 730980002 -identity InstallMac

Launchd: ~/Library/LaunchAgents/InstallMac.btvlit.plist

Reason: Adware name match

Executable: ~/Library/Application Support/InstallMac/InstallMac.app/Contents/MacOS/Installer -trigger ltvbit -isDev 0 -installVersion 1411 -firstAppId 730980002 -identity InstallMac

Launchd: ~/Library/LaunchAgents/InstallMac.disable.plist

Reason: Adware name match

Executable: ~/Library/Application Support/InstallMac/InstallMac.app/Contents/MacOS/Installer -trigger disable -isDev 0 -installVersion 1411 -firstAppId 730980002 -identity InstallMac

Launchd: ~/Library/LaunchAgents/InstallMac.dolnwoad.plist

Reason: Adware name match

Executable: ~/Library/Application Support/InstallMac/InstallMac.app/Contents/MacOS/Installer -trigger download -isDev 0 -installVersion 1411 -firstAppId 730980002 -sig GENIEO_SIGNATURE -identity InstallMac


Unsigned Files:

Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper

Details: Exact match found in the whitelist - probably OK


Launchd: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Helper-Tool.plist

Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool

Details: Exact match found in the whitelist - probably OK


Launchd: /Library/LaunchAgents/com.brother.LOGINserver.plist

Executable: /Library/Printers/Brother/Utilities/Server/LOGINserver.app/Contents/MacOS/LOGINserver

Details: Exact match found in the whitelist - probably OK


Launchd: /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck

Details: Exact match found in the whitelist - probably OK


Launchd: /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool

Details: Exact match found in the whitelist - probably OK


Launchd: /Library/LaunchDaemons/com.huawei.mbbservice.plist

Executable: /Library/StartupItems/MobileBrServ/mbbservice

Details: Exact match found in the whitelist - probably OK


Launchd: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Java-Updater.plist

Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck

Details: Exact match found in the whitelist - probably OK


Launchd: ~/Library/LaunchAgents/com.adobe.ARM.***.plist

Executable: /Applications/Adobe Reader 9__/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper

Details: Close match found in the whitelist - probably OK


System Launch Agents:

[Not Loaded] 16 Apple tasks

[Loaded] 180 Apple tasks

[Running] 103 Apple tasks


System Launch Daemons:

[Not Loaded] 38 Apple tasks

[Loaded] 178 Apple tasks

[Running] 118 Apple tasks

[Other] One Apple task


Launch Agents:

[Not Loaded] com.oracle.java.Java-Updater.plist (? f36684e4 - installed 2018-12-16)

[Running] com.brother.LOGINserver.plist (? a1772de2 - installed 2011-05-31)

[Not Loaded] com.adobe.AAM.Updater-1.0.plist (? ffb65062 - installed 2015-06-21)


Launch Daemons:

[Running] com.huawei.mbbservice.plist (? d59902d6 - installed 2018-09-01)

[Loaded] com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2019-01-28)

[Loaded] com.microsoft.office.licensing.helper.plist (? 6d8cb30e - installed 2010-08-31)

[Loaded] com.skype.skypeinstaller.plist (? e22fb79d - installed 2015-05-31)

[Loaded] com.ea.origin.ESHelper.plist (? f5bab3e4 - installed 2014-06-27)

[Running] com.zeobit.MacKeeper.plugin.AntiTheft.daemon.plist (? 9166218c - installed 2016-08-03)

[Not Loaded] com.oracle.java.Helper-Tool.plist (? e3fefdd2 - installed 2018-12-16)


User Launch Agents:

[Loaded] com.adobe.ARM.***.plist (? 0 - installed 2010-03-30)

[Loaded] InstallMac.AppVemoral.plist (K444F5Z2ZH - installed 2018-12-23)

[Loaded] InstallMac.disable.plist (K444F5Z2ZH - installed 2018-12-23)

[Loaded] com.adobe.ARM.***.plist (? 0 - installed 2013-10-31)

[Loaded] InstallMac.btvlit.plist (K444F5Z2ZH - installed 2018-12-23)

[Loaded] com.adobe.ARM.***.plist (? 0 - installed 2011-09-02)

[Loaded] InstallMac.dolnwoad.plist (K444F5Z2ZH - installed 2018-12-23)


Internet Plug-ins:

JavaAppletPlugin: Java 8 Update 201 build 09 (installed 2019-02-13)

o1dbrowserplugin: 5.41.3.0 (installed 2018-01-20)

Unity Web Player: UnityPlayer version 5.0.3f2 (installed 2015-06-13)

Musicnotes: 1.17.3 (installed 2009-06-26)

NP2020Player: 4.5.2.0 (installed 2010-01-11)

AdobeAAMDetect: AdobeAAMDetect 1.0.0.0 (installed 2015-06-21)

FlashPlayer-10.6: 32.0.0.142 (installed 2019-02-12)

AdobePDFViewerNPAPI: 11.0.11 (installed 2015-06-21)

Silverlight: 5.1.30514.0 (installed 2014-07-28)

QuickTime Plugin: 7.7.3 (installed 2018-11-30)

Flash Player: 32.0.0.142 (installed 2019-02-12)

googletalkbrowserplugin: 5.41.3.0 (installed 2015-12-11)

SharePointBrowserPlugin: 14.7.7 (installed 2017-09-20)

AdobePDFViewer: 11.0.11 (installed 2015-06-21)

iPhotoPhotocast: 6.0 (installed 2008-03-19)

CitrixICAClientPlugIn: 11.4.3 (installed 2012-08-23)

Scorch: (installed 2015-09-09)

DirectorShockwave: 11.6.8r638 (installed 2012-12-03)


3rd Party Preference Panes:

Flash Player (installed 2019-01-28)

Java (installed 2019-02-13)


Time Machine:

Time Machine information not available without Full Drive Access.


Performance:

System Load: 1.56 (1 min ago) 1.01 (5 min ago) 0.91 (15 min ago)

Nominal I/O speed: 0.23 MB/s

File system: 26.23 seconds

Write speed: 819 MB/s

Read speed: 1518 MB/s


CPU Usage:

Type Overall

System 3 %

User 5 %

Idle 92 %


Top Processes by CPU:

Process (count) CPU (Source - Location)

EtreCheck 16.23 % (App Store)

Other processes 11.06 % (?)

com.apple.WebKit.WebContent 1.39 % (Apple)

iconservicesagent 0.80 % (Apple)

Safari 0.80 % (Apple)


Top Processes by Memory:

Process (count) RAM usage (Source - Location)

EtreCheck 640 MB (App Store)

App Store 419 MB (Apple)

com.apple.WebKit.WebContent 319 MB (Apple)

Dock 177 MB (Apple)

Mail 161 MB (Apple)


Top Processes by Network Use:

Process Input / Output (Source - Location)

Mail 5 MB / 8 KB (Apple)

mDNSResponder 423 KB / 215 KB (Apple)

apsd 9 KB / 10 KB (Apple)

firefox 5 KB / 3 KB (?)

netbiosd 4 KB / 2 KB (Apple)


Virtual Memory Information:

Available RAM 7.94 GB

Free RAM 3.47 GB

Used RAM 8.06 GB

Cached files 4.47 GB

Swap Used 0 B


Software Installs (past 30 days):

Install Date Name (Version)

2019-02-03 Finale 2011

2019-02-06 MRTConfigData (1.39)

2019-02-09 Printer Driver

2019-02-12 Adobe Flash Player

2019-02-12 Garritan ARIA Player

2019-02-12 Finale

2019-02-12 Garritan Instruments for Finale

2019-02-13 Java 8 Update 201

2019-02-19 SmartScore X2 Pro Demo

2019-02-19 PhotoScore Ultimate Demo

2019-02-19 Scan Assistant

2019-02-21 Gatekeeper Configuration Data (163)

2019-02-21 EtreCheck (5.1)


Diagnostics Information (past 7 days):

Directory /Library/Logs/DiagnosticReports is not accessible without Full Drive Access.


End of report

 

[ekki161]

Adware - Adware detected.


Minor Issues:

These issues do not need immediate attention but they may indicate future problems.
Unsigned files - There are unsigned software files installed. They appear to be legitimate but should be reviewed.

Limited drive access - More information may be available with Full Drive Access.

Das solltest du mal ändern und die Adware entfernen.

Edit: Willkommen bei macuser.de.

 

[pmau]

Wer weiss wo der Installer herkommt:

Exception Type: EXC_CRASH (Code Signature Invalid)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Reason: Namespace CODESIGNING, Code 0x1

 

[oneOeight]

geh mal bei dir ins home und lösch dort in Library/LaunchAgents/ alles mit InstallMac im namen.
danach dann in Library/Application Support den ordner InstallMac löschen.

eventuell läuft die malware aber noch und installiert sich selbst neu, falls die prozesse nicht in der aktivitätsanzeige löschst.

 

[Kolibri11]

Habe in LaunchAgents 3 Programme gelöscht


Den Ordner InstallMac finde ich nicht.

 

[Schiffversenker]

Path: /Users/USER/Library/Application Support/InstallMac/InstallMac.app/Contents/MacOS/Installer

Die Benutzerlibrary ist versteckt, erreichst du, wenn du im Findermenü "Gehe zum Ordner" die ALT-Taste gedrückt hältst.

 

[Kolibri11]

Vielen Dank - sehr hilfreich.
Die Fehlermeldung kommt nicht mehr.

 

[walfreiheit]

Mach mal noch einen EtreCheck und schau, ob du alles entfernt hast.

 

[kira12]

Hallo,

uns Malewarebyte drüber laufen lassen schadet auch nicht.

Gruß ré