Undefinierbare Mac Prozesse

[DrPepper96]

Hallo Leute, seit gestern habe ich ein paar seltsame Prozesse, welche ordentlich Leistung ziehen. Habe gleich mal ein Etrecheck log erstellt. Im Internet konnte ich keine Info bezüglich der Prozesse finden. Vielleicht wisst Ihr ja weiter.

Mein System: MacBook Pro 13" mid2012, 8GB Ram, 480GB SSD, OSX Mojave.

Top Processes Snapshot by CPU:

Process (count) CPU (Source - Location)

Aro 55.98 % (? - /usr/local/bin)

Homoptera 55.76 % (? - /usr/local/bin)

Sundaylike 55.60 % (? - /usr/local/bin)

Campyloneuron 55.56 % (? - /usr/local/bin)

Leviticalism 55.34 % (? - /usr/local/bin)

 

[dg2rbf]

Hi,
du musst schon den kompletten Etrecheck Scann posten, nach dieser Anleitung.

Wenn der Post zu groß ist, diesen Aufteilen.

Franz

 

[DrPepper96]

EtreCheck version: 5.2 (5C006)
Report generated: 2019-05-10 18:20:57
Download EtreCheck from https://etrecheck.com
Runtime: 3:28
Performance: Good

Problem: No problem - just checking

Major Issues:
    Anything that appears on this list needs immediate attention.

    No Time Machine backup - Time Machine backup not found.
    Unsigned files - There are unsigned software files installed that could be adware and should be reviewed.
    Gatekeeper disabled - Gatekeeper security protection is disabled. This computer is at risk of malware infection.
    Heavy CPU usage - Some processes are using an unusually high amount of CPU.

Minor Issues:
    These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.

    Apps crashing - There have been numerous app crashes.
    Limited drive access - More information may be available with Full Drive Access.

Hardware Information:
    MacBook Pro (13-inch, Mid 2012)
    MacBook Pro Model: MacBookPro9,2
    1 2,5 GHz Intel Core i5 (i5-3210M) CPU: 2-core
    8 GB RAM - At maximum
        BANK 0/DIMM0 - 4 GB DDR3 1600  ok
        BANK 1/DIMM0 - 4 GB DDR3 1600  ok
    Battery: Health = Normal - Cycle count = 4

Video Information:
    Intel HD Graphics 4000 - VRAM: 1536 MB
        Color LCD 1280 x 800

Drives:
    disk0 - SanDisk Ultra II 480GB 480.10 GB (Solid State - TRIM: No)
    Internal SATA 6 Gigabit Serial ATA
        disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
        disk0s2 [APFS Container] 479.89 GB
            disk1 [APFS Virtual drive] 479.89 GB (Shared by 4 volumes)
                disk1s1 - M***********D (APFS) (Shared - 230.31 GB used)
                disk1s2 - Preboot (APFS) [APFS Preboot] (Shared - 25 MB used)
                disk1s3 - Recovery (APFS) [Recovery] (Shared - 520 MB used)
                disk1s4 - VM (APFS) [APFS VM] (Shared - 1.07 GB used)

Mounted Volumes:
    disk1s1 - M***********D 479.89 GB (247.81 GB free)
        APFS
        Mount point: /

    disk1s4 - VM [APFS VM] (Shared - 1.07 GB used)
        APFS
        Mount point: /private/var/vm

Network:
    Interface en0: Ethernet
    Interface fw0: FireWire
    Interface en1: Wi-Fi
        802.11 a/b/g/n
    Interface en3: Bluetooth PAN
    Interface bridge0: Thunderbolt Bridge
    iCloud Quota: 1.49 GB available

System Software:
    macOS Mojave 10.14.4 (18E227)
    Time since boot: Less than an hour

Configuration Files:
    /etc/hosts - Count: 1

Security:
    Gatekeeper: Anywhere
    System Integrity Protection: Enabled

Unsigned Files:
    Launchd: /Library/LaunchDaemons/com.Myrmecobius.plist
        Executable: /Library/Application Support/Campyloneuron/***laitanism
        Details: Domain name invalid - possibly adware

    Launchd: /Library/LaunchDaemons/com.Phytoflagellata.plist
        Executable: /Library/Application Support/Sundaylike/Elsa
        Details: Domain name invalid - possibly adware

    Launchd: /Library/LaunchDaemons/com.Mcintosh.plist
        Executable: /Library/Application Support/Aro/Homocoela
        Details: Restrictive app permissions - possibly adware

    Launchd: /Library/LaunchDaemons/com.Todidae.plist
        Executable: /Library/Application Support/Leviticalism/Palamitism
        Details: Domain name invalid - possibly adware

    Launchd: /Library/LaunchDaemons/com.Mendelianism.plist
        Executable: /Library/Application Support/Taurian/Ruthene
        Details: Domain name invalid - possibly adware

    Launchd: /Library/LaunchDaemons/com.Mirfak.plist
        Executable: /usr/local/bin/Boehmenist
        Details: Restrictive app permissions - possibly adware

    Launchd: /Library/LaunchDaemons/PACESupport.plist
        Executable: /System/Library/Extensions/PACESupportFamily.kext/Contents/Resources/paceload
        Details: Exact match found in the whitelist - probably OK

    Launchd: /Library/LaunchDaemons/com.Chanidae.plist
        Executable: /Library/Application Support/Homoptera/Injun
        Details: Restrictive app permissions - possibly adware

    Launchd: /Library/LaunchDaemons/com.Manyema.plist
        Executable: /usr/local/bin/Epitoniidae
        Details: Domain name invalid - possibly adware

    Launchd: /Library/LaunchDaemons/com.paceap.eden.licensed.plist
        Executable: /Library/PrivilegedHelperTools/licenseDaemon.app/Contents/MacOS/licenseDaemon
        Details: Exact match found in the whitelist - probably OK

    Launchd: /Library/LaunchDaemons/com.Pyralidoidea.plist
        Executable: /usr/local/bin/Tumboa
        Details: Domain name invalid - possibly adware

Kernel Extensions:
    /System/Library/Extensions
        [Not Loaded] PACESupportFamily.kext (5.8)

    /System/Library/Extensions/PACESupportFamily.kext/Contents/PlugIns
        [Not Loaded] PACESupportLeopard.kext (5.8 - SDK 10.4)
        [Not Loaded] PACESupportPanther.kext (5.8 - SDK 10.-1)
        [Loaded] PACESupportSnowLeopard.kext (5.8 - SDK 10.6)
        [Not Loaded] PACESupportTiger.kext (5.8 - SDK 10.4)

 

[oneOeight]

tauchen doch da unter adware auf.
hast dir halt bei irgendwelchen downloads eingefangen.

 

[DrPepper96]

Startup Items:
    PACESupport Path: /Library/StartupItems/PACESupport

System Launch Agents:
    [Not Loaded] 16 Apple tasks
    [Loaded] 176 Apple tasks
    [Running] 109 Apple tasks

System Launch Daemons:
    [Not Loaded] 36 Apple tasks
    [Loaded] 184 Apple tasks
    [Running] 115 Apple tasks

Launch Daemons:
    [Loaded] PACESupport.plist (? ab6b5614 - installed 2011-07-08)
    [Running] com.Chanidae.plist (? dbcc36a6 - installed 2019-05-10)
    [Running] com.Manyema.plist (? 2e02d49d - installed 2019-05-10)
    [Running] com.Mcintosh.plist (? 5a36519d - installed 2019-05-10)
    [Running] com.Mendelianism.plist (? a73b3911 - installed 2019-05-10)
    [Running] com.Mirfak.plist (? 6463392a - installed 2019-05-10)
    [Running] com.Myrmecobius.plist (? 968fabf7 - installed 2019-05-09)
    [Running] com.Phytoflagellata.plist (? 4331cb85 - installed 2019-05-10)
    [Running] com.Pyralidoidea.plist (? 36a2569c - installed 2019-05-09)
    [Running] com.Todidae.plist (? 2c68135a - installed 2019-05-09)
    [Running] com.disc-soft.DAEMONTools.PrivilegedHelper.plist (Disc Soft Ltd - installed 2019-05-09)
    [Running] com.paceap.eden.licensed.plist (? 31c2e993 - installed 2011-07-09)

User Launch Agents:
    [Running] com.disc-soft.DAEMONTools.DAEMONToolsAgent.plist (Disc Soft Ltd - installed 2019-05-09)

User Login Items:
    Macs Fan Control.app (Ilya Parniuk - installed 2019-04-15)
        (Application - /Applications/Macs Fan Control.app)

    NIHardwareAgent.app (Native Instruments GmbH - installed 2019-01-14)
        (Application - /Library/Application Support/Native Instruments/Hardware/NIHardwareAgent.app)

Audio Plug-ins:
    AirPlay: 2.0 (Apple - installed 2019-03-21)
    BridgeAudioSP: 5.39 (Apple - installed 2019-03-21)
    iSightAudio: 7.7.3 (Apple - installed 2019-03-21)
    BoomAudio: 1.0.2 (Global Delight Technologies Pvt. Ltd - installed 2019-05-03)
    AppleAVBAudio: 740.1 (Apple - installed 2019-03-21)
    BluetoothAudioPlugIn: 6.0.11 (Apple - installed 2019-03-21)
    AppleTimeSyncAudioClock: 1.0 (Apple - installed 2019-03-21)

Safari Extensions:
    AdGuard - App Store (installed 2019-01-07)
    AdGuard Safari Icon - App Store (installed 2019-01-07)

Time Machine:
    Time Machine Not Configured!

Performance:
    System Load: 9.15 (1 min ago) 6.39 (5 min ago) 4.56 (15 min ago)
    Nominal I/O speed: 2.35 MB/s
    File system: 29.62 seconds
    Write speed:  285 MB/s
    Read speed:  469 MB/s

Top Processes Snapshot by CPU:
    Process (count) CPU (Source - Location)
    Aro 55.98 % (? - /usr/local/bin)
    Homoptera 55.76 % (? - /usr/local/bin)
    Sundaylike 55.60 % (? - /usr/local/bin)
    Campyloneuron 55.56 % (? - /usr/local/bin)
    Leviticalism 55.34 % (? - /usr/local/bin)

Top Processes Snapshot by Memory:
    Process (count) RAM usage (Source - Location)
    com.apple.WebKit.WebContent (9) 726 MB (Apple)
    EtreCheckPro 490 MB (Etresoft, Inc.)
    mdworker_shared (13) 215 MB (Apple)
    com.apple.SafariServices.ExtensionHelper 180 MB (Apple)
    Finder 174 MB (Apple)

Top Processes Snapshot by Network Use:
    Process Input / Output (Source - Location)
    com.apple.WebKit.Networking 314 KB / 12 KB (Apple)
    mDNSResponder 51 KB / 48 KB (Apple)
    Safari 40 KB / 3 KB (Apple)
    cloudd 26 KB / 14 KB (Apple)
    parsecd 19 KB / 15 KB (Apple)

Top Processes Snapshot by Energy Use:
    Process (count) Energy (0-100) (Source - Location)
    opendirectoryd 6 (Apple)
    WindowServer 4 (Apple)
    sysmond 3 (Apple)
    com.apple.prefer 3 (?)
    System Preferenc 2 (?)

Virtual Memory Information:
    Physical RAM: 8 GB

    Free RAM: 1.17 GB
    Used RAM: 4.33 GB
    Cached files: 2.51 GB

    Available RAM: 3.67 GB
    Swap Used: 0 B



Diagnostics Information (past 7 days):
    2019-05-10 17:51:32 Aro Crash (4 times)
        Executable: /usr/local/bin/Aro
        Details:
            abort() called

    2019-05-10 17:51:32 Taurian Crash (4 times)
        Executable: /usr/local/bin/Taurian
        Details:
            abort() called

    2019-05-10 17:51:32 Leviticalism Crash (4 times)
        Executable: /usr/local/bin/Leviticalism
        Details:
            abort() called

    2019-05-10 17:51:32 Campyloneuron Crash (3 times)
        Executable: /usr/local/bin/Campyloneuron
        Details:
            abort() called

    2019-05-10 17:51:32 Sundaylike Crash (4 times)
        Executable: /usr/local/bin/Sundaylike
        Details:
            abort() called

    2019-05-10 11:20:25 Logic Pro X.app CPU (2 times)
        Executable: /Applications/Logic Pro X.app

    2019-05-10 10:58:32 Homoptera Crash
        Executable: /usr/local/bin/Homoptera
        Details:
            abort() called

    2019-05-09 23:21:20 Archive Utility.app CPU
        Executable: /System/Library/CoreServices/Applications/Archive Utility.app


End of report

 

[Schiffversenker]

Und du vermutest warum, daß diese Prozesse etwas mit deiner Hardware zu tun haben und nix mit installierten Programmen?

 

[dg2rbf]

Hi,
oh mei, da hast du dir jede Menge Adware eingefangen, 9 mal Adware habe ich gefunden!!, ich empfehle in diesem Fall, eine komplette Neuinstallation.

Franz

 

[Roman78]

Hmmm Deamontools über alternative Wege installiert, oder was?

Las erst mal Malwarebytes Antimalware laufen, eventuell reicht das schon. Ansonsten Neuinstallation.

 

[mausfang]

Lad Dir mal „Knock Knock“. Das checkt auch gleich über Virus Total.

 

[DrPepper96]

Hmmm Deamontools über alternative Wege installiert, oder was?

Las erst mal Malwarebytes Antimalware laufen, eventuell reicht das schon. Ansonsten Neuinstallation.

Ja, hatte ich.. Hab die Viren jetzt alle entfernt. Malwarebytes zeigte jedoch nichts an. Knock Knock war da effektiver.
Danke für eure schnelle Hilfe. Echt super das Forum hier.

 

[mausfang]

Knock Knock war da effektiver.

Das würde mich interessieren. Erzähl doch mal.

 

[xentric]

Also bei mit heißt Malwarebefall Neuinstallation. Du kannst ja keine Ahnung haben, was da noch alles installiert ist, und evlt irgendwann mal startet, wenn kein Scanner läuft, als Hook mitläuft oder sonstiges macht. Einmal Einfall ist kompromitiert.

Beispielsweise Stuxnet gabs seit 2007 (Teile draus seit 2005), wurde erst 2010 erkannt. 3 Jahre unentdeckt. Und das ist sicher nicht der Einzelfall.

Und wenn ich du wäre, würde ich Passwörter die du benutzt hat in dieser Zeit ändern. Aber das sollte ja offensichtlich sein.