Safari

[1456M]

Hallo,

mein Safari oeffnet haeufig neue Fenster (obwohl ich jetzt Popup blocker angestellt habe).
Versehentliches rueberscrollen auf einer Anzeige kann es in der Haeufigkeit auch nicht sein.
Einige Webseiten zeigen teilweise auch etwas eigenartige html addressen an bevor sie zur webseite gehen. Z.Bsp. Americanexpress, nach dem Login geht es erst ueber contrivo etc. zu global.americanexpress.com.

Was passiert da?

Liegt das an meinem Mac/Safari oder koennen es Einstellungen der Internetverbindung sein
(eher unwahrscheinlich - bin nur zu Besuch in Deutschland) ?

 

[noodyn]

klingt eher nach Malware. Check mal deinen Rechner: https://de.malwarebytes.com/mac/

 

[mreball]

Du hast Dir, wie hier schon öfter vorgekommen, wahrscheinlich Malware eingefangen. Die Lösung findest Du hier. Falls es dannach immer noch Probleme gibt, poste das Ergebnis davon hier, wie unten beschrieben.

 

[1456M]

danke. programm hat was gefunden, hab es geloescht und neugestartet.
kann diese malware auch das herunterfahren verhindern bzw. dadurch das im hintergrund laeuft dazu fuehren das der Luefter immer auf hochtouren ist?

 

[mreball]

kann diese malware auch das herunterfahren verhindern bzw. dadurch das im hintergrund laeuft dazu fuehren das der Luefter immer auf hochtouren ist?

Welche Malware war es denn? Ich glaube aber eher nicht. Mach mal das mit dem Etrecheck, dann kann man evtl. sagen ob in Deinem System noch was quer liegt.

 

[1456M]

ETR check hat das hier gefunden.

/Library/LaunchAgents/com.phlegmonic.plist

malware hat nen paar daemons gefunden

 

[Impcaligula]

Könntest Du den kompletten Log bitte hier in Code Tags einstellen - wie man auch gebeten hat? Danke!

 

[mreball]

Mach mal richtig, da scheint ja immer noch Malware drauf zu sein und poste den kompletten Etrecheck-Bericht wie unten beschrieben.

 

[1456M]

EtreCheck version: 3.1.5 (343)

Report generated 2017-03-24 18:35:16

Download EtreCheck from https://etrecheck.com

Runtime 1:26

Performance: Excellent



Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.



Problem: No problem - just checking



Hardware Information: ⓘ

    MacBook Pro (Retina, 15-inch, Mid 2015) 

    [Technical Specifications] - [User Guide] - [Warranty & Service]

    MacBook Pro - model: MacBookPro11,5

    1 2,8 GHz Intel Core i7 (i7-4980HQ) CPU: 4-core

    16 GB RAM Not upgradeable

        BANK 0/DIMM0

            8 GB DDR3 1600 MHz ok

        BANK 1/DIMM0

            8 GB DDR3 1600 MHz ok

    Bluetooth: Good - Handoff/Airdrop2 supported

    Wireless:  en0: 802.11 a/b/g/n/ac

    Battery: Health = Normal - Cycle count = 109


Video Information: ⓘ

    AMD Radeon R9 M370X - VRAM: 2048 MB

        Color LCD 2880 x 1800

    Intel Iris Pro


System Software: ⓘ

    macOS Sierra  10.12.3 (16D32) - Time since boot: less than an hour


Disk Information: ⓘ

    APPLE SSD SM1024G disk0 : (1 TB) (Solid State - TRIM: Yes)

    [Show SMART report]

        EFI (disk0s1) <not mounted> : 210 MB 

        Macintosh HD (disk0s2) /  [Startup]: 999.70 GB (597.38 GB free)

        Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB 


USB Information: ⓘ

    Apple Inc. Apple Internal Keyboard / Trackpad 

    Broadcom Corp. Bluetooth USB Host Controller 


Thunderbolt Information: ⓘ

    Apple Inc. thunderbolt_bus


Gatekeeper: ⓘ

    Mac App Store and identified developers


Unknown Files: ⓘ

    /Library/LaunchAgents/com.phlegmonic.plist

       

    One unknown file found. [Check files]


Kernel Extensions: ⓘ

        /Applications/Kies.app

    [not loaded]    com.devguru.driver.SamsungACMControl (1.4.25 - SDK 10.6 - 2015-04-03) [Support]

    [not loaded]    com.devguru.driver.SamsungACMData (1.4.25 - SDK 10.6 - 2015-04-03) [Support]

    [not loaded]    com.devguru.driver.SamsungComposite (1.4.25 - SDK 10.6 - 2015-04-03) [Support]

    [not loaded]    com.devguru.driver.SamsungMTP (1.4.25 - SDK 10.5 - 2015-04-03) [Support]

    [not loaded]    com.devguru.driver.SamsungSerial (1.4.25 - SDK 10.6 - 2015-04-03) [Support]



        /System/Library/Extensions

    [not loaded]    com.Huawei.driver.HuaweiDataCardDriver (4.0.8 - 2017-03-23) [Support]

    [not loaded]    com.ZTE.driver.ZTEUSBCDCACMControl (ZTEDriver_MacV1.1.2 - 2017-03-23) [Support]

    [not loaded]    com.ZTE.driver.ZTEUSBCDCACMData (ZTEDriver_MacV1.1.2 - 2017-03-23) [Support]

    [not loaded]    com.novatelwireless.driver.3G (2.1 - 2017-03-23) [Support]

    [not loaded]    com.novatelwireless.driver.DisableAutoInstall (1.0.1 - 2017-03-23) [Support]



        /System/Library/Extensions/NovatelWireless3G.kext/Contents/Plugins

    [not loaded]    com.novatelwireless.driver.3GData (2.1 - 2010-08-25) [Support]



Startup Items: ⓘ

    GT Network Tuning: Path: /System/Library/StartupItems/GT Network Tuning

    NMPCCardDaemonVMC: Path: /System/Library/StartupItems/NMPCCardDaemonVMC

    NMPPPMonitor: Path: /System/Library/StartupItems/NMPPPMonitor

    HWNetMgr: Path: /Library/StartupItems/HWNetMgr

    HWPortDetect: Path: /Library/StartupItems/HWPortDetect

    ProTec6b: Path: /Library/StartupItems/ProTec6b

    Startup items no longer function in OS X Yosemite or later

 

[1456M]

System Launch Agents: ⓘ

    [not loaded]    7 Apple tasks

    [loaded]    180 Apple tasks

    [running]    93 Apple tasks


System Launch Daemons: ⓘ

    [not loaded]    40 Apple tasks

    [loaded]    169 Apple tasks

    [running]    103 Apple tasks


Launch Agents: ⓘ

    [failed]    cn.com.zte.usbswapper.plist (2008-06-11) [Support] - /Applications/Vodafone Mobile Connect/Vodafone Mobile Connect.app/Contents/Resources/Specific/Mac_SwapperDemon.app/Contents/MacOS/Mac_SwapperDemon: Executable not found!

    [failed]    com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (2017-01-12) [Support]

    [failed]    com.apple.tuxler.plist (2012-04-22) - /Applications/Tuxler.app/Contents/MacOS/Tuxler2: Executable not found!

    [loaded]    com.oracle.java.Java-Updater.plist (2016-11-04) [Support]

    [not loaded]    com.phlegmonic.plist (2017-03-23) [Support]

    [failed]    jp.co.canon.CUPSCMFP.BG.plist (2012-11-22) [Support] - /Library/Printers/Canon/CUPSCMFP/BackGrounder/Canon CMFP BackGrounder.app/Contents/MacOS/Canon CMFP BackGrounder: Executable not found!

    [running]    jp.co.canon.CUPSSFP.BG.plist (2015-01-21) [Support]

    [failed]    jp.co.canon.UFR2.BG.plist (2012-11-22) [Support] - /Library/Printers/Canon/UFR2/Utilities/UFR II BackGrounder.app/Contents/MacOS/UFR II BackGrounder: Executable not found!

    [running]    org.gpgtools.Libmacgpg.xpc.plist (2016-10-14) [Support]

    [loaded]    org.gpgtools.gpgmail.enable-bundles.plist (2015-09-21) [Support]

    [loaded]    org.gpgtools.gpgmail.patch-uuid-user.plist (2015-09-21) [Support]

    [loaded]    org.gpgtools.macgpg2.fix.plist (2017-01-20) [Support]

    [running]    org.gpgtools.macgpg2.shutdown-gpg-agent.plist (2017-01-20) [Support]

    [loaded]    org.gpgtools.updater.plist (2017-03-05) [Support]


Launch Daemons: ⓘ

    [loaded]    com.adobe.ARMDC.Communicator.plist (2017-01-12) [Support]

    [loaded]    com.adobe.ARMDC.SMJobBlessHelper.plist (2017-01-12) [Support]

    [loaded]    com.adobe.fpsaud.plist (2017-03-01) [Support]

    [failed]    com.apple.tuxlerext.plist (2017-01-13)

    [running]    com.malwarebytes.HelperTool.plist (2017-03-24) [Support]

    [loaded]    com.oracle.java.Helper-Tool.plist (2016-09-23) [Support]

    [loaded]    org.gpgtools.gpgmail.patch-uuid.plist (2015-09-21) [Support]


User Launch Agents: ⓘ

    [failed]    com.adobe.ARM.[...].plist (2012-02-01) [Support] - /Applications/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper: Executable not found!

 

[1456M]

User Login Items: ⓘ

    iTunesHelper    Programm   (2017-03-23)

        (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

    727.emlx    E-Mail Hidden 

        (~/Library/Mail/V4/POP-409190@pop3.schust.net/INBOX.mbox/5E611863-7EF5-452A-8CC1-C4AEF922DE46/Data/Messages/727.emlx)

    Dropbox    Programm  

        (/Applications/Dropbox.app)

    WDDriveUtilityHelper    Programm  

        (/Applications/WD Drive Utilities.app/Contents/WDDriveUtilityHelper.app)

    Android File Transfer Agent    Programm  

        (~/Library/Application Support/Google/Android File Transfer/Android File Transfer Agent.app)

    Garmin Express Service    Programm  

        (~/.Trash/Garmin Express.app/Contents/Library/LoginItems/Garmin Express Service.app)

    KiesAgent    Programm Hidden  (2015-04-03)

        (/Applications/Kies.app/Contents/MacOS/KiesAgent.app)

    fuspredownloader    Programm Hidden 

        (~/Library/Application Support/.FUS/fuspredownloader.app)


Internet Plug-ins: ⓘ

    Flip4Mac WMV Plugin: 3.0.0.126   - SDK 10.8 (2013-02-10) [Support]

    FlashPlayer-10.6: 25.0.0.127 - SDK 10.9 (2017-03-15) [Support]

    QuickTime Plugin: 7.7.3 (2016-12-28)

    AdobePDFViewerNPAPI: 15.023.20056 - SDK 10.11 (2017-01-30) [Support]

    AdobePDFViewer: 15.023.20056 - SDK 10.11 (2017-01-30) [Support]

    Flash Player: 25.0.0.127 - SDK 10.9 (2017-03-15) [Support]

    JavaAppletPlugin: Java 8 Update 111 build 14 (2016-11-04) Check version

    iPhotoPhotocast: 7.0 - SDK 10.8 (2013-10-19)



User internet Plug-ins: ⓘ

    OctoshapeWeb: 1.0 (2009-11-06) [Support]

    Picasa: 1.0 - SDK 10.6 (2014-03-05) [Support]



Safari Extensions: ⓘ

    Open in Internet Explorer - Parallels - http://www.parallels.com (2012-11-08)


3rd Party Preference Panes: ⓘ

    Flash Player (2017-03-01) [Support]

    Flip4Mac WMV (2012-09-15) [Support]

    FUSE for OS X (OSXFUSE) (2012-07-30) [Support]

    GPGPreferences (2017-01-20) [Support]

    Java (2016-11-04) [Support]

    Perian (2011-07-24) [Support]


Time Machine: ⓘ

    Skip System Files: NO

    Mobile backups: ON

    Auto backup: YES

    Volumes being backed up:

        Macintosh HD: Disk size: 999.70 GB Disk used: 402.32 GB

    Destinations:

        Time Machine Backup [Local] 

        Total size: 999.86 GB 

        Total number of backups: 20 

        Oldest backup: 12.01.16, 12:44 

        Last backup: 17.03.17, 20:55 

        Size of backup disk: Too small

            Backup size 999.86 GB < (Disk used 402.32 GB X 3)


Top Processes by CPU: ⓘ

        32%       com.apple.WebKit.Databases

        4%       kernel_task

        3%       WindowServer

        2%       hidd

        2%       fontd


Top Processes by Memory: ⓘ

    1.46 GB       com.apple.WebKit.WebContent(8)

    1.28 GB       kernel_task

    557 MB        Mail

    311 MB        mds_stores

    197 MB        Safari


Virtual Memory Information: ⓘ

    9.60 GB       Available RAM

    5.59 GB       Free RAM

    6.40 GB       Used RAM

    4.01 GB       Cached files

    0 B           Swap Used


Diagnostics Information: ⓘ

    Mar 24, 2017, 05:51:48 PM    Self test - passed

    Mar 24, 2017, 02:28:12 PM    /Library/Logs/DiagnosticReports/launchservicesd_2017-03-24-142812_[redacted].crash

        /System/Library/CoreServices/launchservicesd

    Mar 24, 2017, 03:20:46 AM    /Library/Logs/DiagnosticReports/launchservicesd_2017-03-24-032046_[redacted].crash

    Mar 23, 2017, 10:57:56 PM    /Library/Logs/DiagnosticReports/Safari_2017-03-23-225756_[redacted].hang

        /Applications/Safari.app/Contents/MacOS/Safari

    Mar 23, 2017, 10:56:05 PM    /Library/Logs/DiagnosticReports/com.apple.WebKit.Databases_2017-03-23-225605_[redacted].cpu_resource.diag [Details]

        /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Databases.xpc/Contents/MacOS/com.apple.WebKit.Databases

    Mar 23, 2017, 09:06:11 PM    /Library/Logs/DiagnosticReports/launchservicesd_2017-03-23-210611_[redacted].crash

    Mar 23, 2017, 06:22:49 PM    /Library/Logs/DiagnosticReports/loginwindow_2017-03-23-182249_[redacted].crash

        /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow

    Mar 23, 2017, 06:22:48 PM    /Library/Logs/DiagnosticReports/loginwindow_2017-03-23-182248_[redacted].crash

    Mar 23, 2017, 06:22:47 PM    /Library/Logs/DiagnosticReports/loginwindow_2017-03-23-182247_[redacted].crash

    Mar 23, 2017, 06:22:46 PM    /Library/Logs/DiagnosticReports/loginwindow_2017-03-23-182246_[redacted].crash

    Mar 23, 2017, 06:22:45 PM    /Library/Logs/DiagnosticReports/loginwindow_2017-03-23-182245_[redacted].crash

    Mar 23, 2017, 04:13:43 PM    /Library/Logs/DiagnosticReports/loginwindow_2017-03-23-161343_[redacted].cpu_resource.diag [Details]

    Mar 23, 2017, 04:10:40 PM    ~/Library/Logs/DiagnosticReports/iTunesHelper_2017-03-23-161040_[redacted].crash

        com.apple.iTunesHelper - /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app/Contents/MacOS/iTunesHelper

    Mar 23, 2017, 02:27:08 PM    /Library/Logs/DiagnosticReports/launchservicesd_2017-03-23-142708_[redacted].crash

 

[mreball]

Das ist jetzt etwas mühsam. Zuerst zum dritten Teil:
Thema Anmeldeobjekte: da ist eine Email (727.emlx) drin und eine app (Garmin Express Service)welche im Paoierkorb liegt.
Internet Plug ins: Prüfen ob noch benötigt, wenn ja aktualisieren, genauso bei den Systemeinstellungen z.B. Flip4Mac oder Perian

 

[mreball]

Zum ersten und zweiten Teil:
Unknown Files: com.phlegmonic.plist bitte komplett entfernen. Evtl. den Malwarbytes nochmal laufen lassen.
Bei den Launchern allgemein alle [failed] bitte prüfen oder entfernen.