ho paura di aver preso un virus... (report etrecheck)

[looka]

alcuni giorni fa, quell'asino di mio figlio pasticciando col mac (book pro 15" mid 2012, el capitan) ha scaricato un software crakkato. l'ho disinstallato ma... da allora il mac si comporta in modo strano.
all'accensione mi parte di default safari (non si apre ma ho il pallino sotto all'icona nella dock) e le ventole girano anche se non sto facendo nulla d'impegnativo.
ho paura di aver preso un virus o qualcosa del genere.
cercando in rete non ho trovato nulla che mi aiutasse a capire se è tutto ok.
potete aiutarmi?
quali verifiche posso fare?
esiste un software serio che mi scansione e eventualmente cancella virus, malware ecc. che mi consigliate?
grazie in anticipo.

[looka]

scusate, il sistema operativo è sierra...

[faxus]

Ciao e benvenuto.

Ti consiglio un EtreCheck,
http://www.etresoft.com/etrecheck" onclick="window.open(this.href);return false;
Come fare ad eseguirlo e postarlo:
https://www.imaccanici.org/article.php/EtreCheck" onclick="window.open(this.href);return false;

Per un controllo sull'adware
https://it.malwarebytes.org/antimalware/mac/" onclick="window.open(this.href);return false;
http://www.thesafemac.com/arg-identification/" onclick="window.open(this.href);return false;

Non esistono veri e propri virus per i sistemi Mac.
C'è un diffuso adware.
E del raro malware (sostanzialmente di tipo trojan o spyware), in genere malfunzionante per via delle protezioni di sistema.
Posta e vedremo cosa risulta

[looka]

grazie ficus, mi metto al lavoro...

[faxus]

... ficus...

Eh... Magari...

[looka]

ecco il report... io il sanscrito lo parlo ma non lo so leggere...
fixus scusa per prima...

Codice: Seleziona tutto

EtreCheck version: 3.0.6 (315)
Report generated 2016-10-28 11:07:56
Download EtreCheck from https://etrecheck.com
Runtime 1:41
Performance: Excellent

Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.

Problem: No problem - just checking

Hardware Information: ⓘ
    MacBook Pro (15-inch, Mid 2012) 
    [Technical Specifications] - [User Guide] - [Warranty & Service]
    MacBook Pro - model: MacBookPro9,1
    1 2,6 GHz Intel Core i7 CPU: 4-core
    8 GB RAM Upgradeable - [Instructions]
        BANK 0/DIMM0
            4 GB DDR3 1600 MHz ok
        BANK 1/DIMM0
            4 GB DDR3 1600 MHz ok
    Bluetooth: Good - Handoff/Airdrop2 supported
    Wireless:  en1: 802.11 a/b/g/n
    Battery: Health = Normal - Cycle count = 16

Video Information: ⓘ
    Intel HD Graphics 4000
        Color LCD 1440 x 900
    NVIDIA GeForce GT 650M - VRAM: 1024 MB

System Software: ⓘ
    macOS Sierra  10.12.1 (16B2555) - Time since boot: less than an hour

Disk Information: ⓘ
    APPLE SSD SM128E disk0 : (121,33 GB) (Solid State - TRIM: Yes)
        EFI (disk0s1) <not mounted> : 210 MB 
        Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB 
        Macintosh HD (disk1) /  [Startup]: 120.10 GB (50.66 GB free)
            Encrypted AES-XTS Unlocked
            Core Storage: disk0s2 120.47 GB Online

    MATSHITADVD-R   UJ-8A8   ()

    ST1000LM024 HN-M101MBB disk2 : (1 TB) (Rotational)
        EFI (disk2s1) <not mounted> : 210 MB 
        agentorange (disk2s2) /Volumes/agentorange : 999.86 GB (597.21 GB free)

USB Information: ⓘ
    Apple Inc. FaceTime HD Camera (Built-in) 
    Apple Inc. Apple Internal Keyboard / Trackpad 
    Apple Computer, Inc. IR Receiver 
    Apple Inc. BRCM20702 Hub 
        Apple Inc. Bluetooth USB Host Controller 
    LaCie Rugged USB3-FW 
    GenesysLogic USB3.0 Hub 
    GenesysLogic USB2.0 Hub 

Thunderbolt Information: ⓘ
    Apple Inc. thunderbolt_bus
        LaCie Rugged mini

Gatekeeper: ⓘ
    Mac App Store and identified developers

Unknown Files: ⓘ
    /Library/LaunchDaemons/com.HFAIdqxU.plist
        
    /Library/LaunchDaemons/com.itdmzgmshcwu.plist
        
    /Library/LaunchDaemons/com.replotter.service.plist
        
    /Library/LaunchDaemons/com.riygrcaghjti.plist
        
    4 unknown files found. [Check files]

Kernel Extensions: ⓘ
        /Library/Extensions
    [loaded]    com.logitech.manager.kernel.driver (6.30.1 - SDK 10.8 - 2016-10-28) [Support]

        /System/Library/Extensions
    [loaded]    com.Cycling74.driver.Soundflower (1.6.7 - SDK 10.9 - 2016-10-28) [Support]
    [loaded]    com.splashtop.driver.SRXDisplayCard (1.6 - SDK 10.10 - 2016-10-28) [Support]
    [loaded]    com.splashtop.driver.SRXFrameBufferConnector (1.6 - SDK 10.9 - 2016-10-28) [Support]

System Launch Agents: ⓘ
    [not loaded]    8 Apple tasks
    [loaded]    168 Apple tasks
    [running]    95 Apple tasks

System Launch Daemons: ⓘ
    [not loaded]    36 Apple tasks
    [loaded]    163 Apple tasks
    [running]    105 Apple tasks

Launch Agents: ⓘ
    [loaded]    com.google.keystone.agent.plist (2015-12-11) [Support]
    [loaded]    com.intego.backupassistant.agent.plist (2014-07-30) [Support]
    [running]    com.logitech.manager.daemon.plist (2016-10-02) [Support]
    [loaded]    com.oracle.java.Java-Updater.plist (2014-12-09) [Support]

Launch Daemons: ⓘ
    [not loaded]    com.HFAIdqxU.plist (2016-10-20) [Support]
    [loaded]    com.adobe.fpsaud.plist (2016-05-10) [Support]
    [loaded]    com.google.keystone.daemon.plist (2015-12-11) [Support]
    [running]    com.intego.BackupAssistant.daemon.plist (2014-07-30) [Support]
    [not loaded]    com.itdmzgmshcwu.plist (2016-10-20) [Support]
    [loaded]    com.macpaw.CleanMyMac3.Agent.plist (2016-10-20) [Support]
    [loaded]    com.malwarebytes.HelperTool.plist (2016-10-23) [Support]
    [loaded]    com.microsoft.office.licensing.helper.plist (2010-09-23) [Support]
    [loaded]    com.oracle.java.Helper-Tool.plist (2014-12-09) [Support]
    [loaded]    com.oracle.java.JavaUpdateHelper.plist (2015-04-23) [Support]
    [not loaded]    com.replotter.service.plist (2016-10-20) [Support]
    [not loaded]    com.riygrcaghjti.plist (2016-10-22) [Support]

User Launch Agents: ⓘ
    [loaded]    com.bittorrent.uTorrent.plist (2015-12-08)
    [loaded]    com.macpaw.CleanMyMac3.Scheduler.plist (2016-10-21)
    [running]    com.splashtop.wired-xdisplay.plist (2016-10-28) [Support]

User Login Items: ⓘ
    iTunesHelper    Applicazione  (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

Internet Plug-ins: ⓘ
    FlashPlayer-10.6: 21.0.0.242 - SDK 10.6 (2016-08-02) [Support]
    QuickTime Plugin: 7.7.3 (2016-10-25)
    NP_2020Player_IKEA: 5.0.94.1 - SDK 10.6 (2012-09-28) [Support]
    Flash Player: 21.0.0.242 - SDK 10.6 (2016-08-02) Outdated! Update
    EPPEX Plugin: 4.1.0.0 (2011-07-27) [Support]
    SharePointBrowserPlugin: 14.0.0 (2010-09-23) [Support]
    JavaAppletPlugin: Java 8 Update 45 (2016-08-02) Check version

User internet Plug-ins: ⓘ
    Google Earth Web Plug-in: 7.1 (2016-08-02) [Support]

3rd Party Preference Panes: ⓘ
    Flash Player (2016-05-10) [Support]
    Java (2016-08-02) [Support]
    Logi Options Launcher (2016-10-20) [Support]
    MacFUSE (2008-12-19) [Support]
    ProCutX Server (2013-03-06) [Support]

Time Machine: ⓘ
    Skip System Files: NO
    Mobile backups: ON
    Auto backup: YES
    Volumes being backed up:
        Macintosh HD: Disk size: 120.10 GB Disk used: 69.44 GB
    Destinations:
        backup [Local] 
        Total size: 999.86 GB 
        Total number of backups: 32 
        Oldest backup: 09/04/16, 15:56 
        Last backup: 28/10/16, 10:19 
        Size of backup disk: Excellent
            Backup size 999.86 GB > (Disk size 120.10 GB X 3)

Top Processes by CPU: ⓘ
        32%    launchservicesd
        12%    (osascript)
         8%    loginwindow
         6%    WindowServer
         4%    kernel_task

Top Processes by Memory: ⓘ
    902 MB    kernel_task
    344 MB    mdworker(16)
    254 MB    Mail
    156 MB    com.apple.WebKit.WebContent
    147 MB    Safari

Virtual Memory Information: ⓘ
    2.88 GB    Free RAM 
    5.11 GB    Used RAM (1.95 GB Cached)
    0 B    Swap Used 

Diagnostics Information: ⓘ
    Oct 28, 2016, 10:29:22 AM    /Library/Logs/DiagnosticReports/Safari_2016-10-28-102922_[redacted].crash
        com.apple.Safari - /Applications/Safari.app/Contents/MacOS/Safari
    Oct 28, 2016, 10:29:21 AM    /Library/Logs/DiagnosticReports/Safari_2016-10-28-102921_[redacted].crash
    Oct 28, 2016, 10:29:13 AM    Self test - passed
    Oct 28, 2016, 09:15:17 AM    /Library/Logs/DiagnosticReports/Safari_2016-10-28-091517_[redacted].crash
    Oct 25, 2016, 05:41:27 PM    /Library/Logs/DiagnosticReports/Safari_2016-10-25-174127_[redacted].crash
    Oct 25, 2016, 05:41:23 PM    /Library/Logs/DiagnosticReports/Safari_2016-10-25-174123_[redacted].crash
    Oct 25, 2016, 04:12:38 PM    /Library/Logs/DiagnosticReports/Safari_2016-10-25-161238_[redacted].crash
    Oct 25, 2016, 04:11:15 PM    /Library/Logs/DiagnosticReports/Safari_2016-10-25-161115_[redacted].crash
    Oct 25, 2016, 04:11:14 PM    /Library/Logs/DiagnosticReports/Safari_2016-10-25-161114_[redacted].crash
    Oct 25, 2016, 04:11:13 PM    /Library/Logs/DiagnosticReports/Safari_2016-10-25-161113_[redacted].crash
    Oct 25, 2016, 04:11:12 PM    /Library/Logs/DiagnosticReports/Safari_2016-10-25-161112_[redacted].crash
    Oct 25, 2016, 04:11:10 PM    /Library/Logs/DiagnosticReports/Safari_2016-10-25-161110_[redacted].crash
    Oct 25, 2016, 04:11:09 PM    /Library/Logs/DiagnosticReports/Safari_2016-10-25-161109_[redacted].crash
    Oct 25, 2016, 04:11:08 PM    /Library/Logs/DiagnosticReports/Safari_2016-10-25-161108_[redacted].crash
    Oct 25, 2016, 04:11:07 PM    /Library/Logs/DiagnosticReports/Safari_2016-10-25-161107_[redacted].crash
    Oct 25, 2016, 04:11:06 PM    /Library/Logs/DiagnosticReports/Safari_2016-10-25-161106_[redacted].crash
    Oct 25, 2016, 04:11:04 PM    /Library/Logs/DiagnosticReports/Safari_2016-10-25-161104_[redacted].crash
    Oct 25, 2016, 04:11:03 PM    /Library/Logs/DiagnosticReports/Safari_2016-10-25-161103_[redacted].crash

[faxus]

Togliamoci un dubbio.

Usa Terminale.
Lo trovi in Applicazioni /Utility, oppure cmd+spazio scrivi ter e dai accapo.
Vedrai comparire delle parole, segni e il tuo nome utente, il prompt, a cui segue una barretta per inserire testo.
È pronto per eseguire un ordine.
Copia e incolla dopo la barretta (non scrivere tu) con attenzione questi comandi, uno per volta:

Codice: Seleziona tutto

dscl /Local/Default -list /Users UniqueID | awk '$2 >= 100 && $2 < 500 { print $1; }'

Codice: Seleziona tutto

dscl . -list /Users UniqueID | grep 401

Dai accapo per eseguirl.

Copia ed incolla entrambe i risultati sul post.
Poi scrivi exit, accapo, cmd+Q per uscire correttamente da Terminale

Poi:
Apri Console, la trovi in Applicazioni, cartella Utility.
Sulla barra laterale cerca, trova e posta:
/Library/Logs/DiagnosticReports/Safari_2016-10-28-102922_***.crash

Come si posta un resoconto di un Crash.Log
viewtopic.php?f=33&t=37701" onclick="window.open(this.href);return false;

[looka]

ci provo.
ci sentiamo in primavera...

[looka]

_applepay
_assetcache
_astris
_avbdeviced
_captiveagent
_coreaudiod
_coremediaiod
_ctkd
_cvmsroot
_datadetectors
_devicemgr
_displaypolicyd
_distnote
_dovecot
_dovenull
_dpaudio
_findmydevice
_gamecontrollerd
_hidd
_iconservices
_kadmin_admin
_kadmin_changepw
_krb_anonymous
_krb_changepw
_krb_kadmin
_krb_kerberos
_krb_krbtgt
_krbfast
_krbtgt
_launchservicesd
_lda
_locationd
_mbsetupuser
_mobileasset
_netbios
_netstatistics
_nsurlsessiond
_nsurlstoraged
_ondemand
_postgres
_screensaver
_softwareupdate
_timezone
_trustevaluationagent
_usbmuxd
_warmd
_webauthserver
_wwwproxy
_xcsbuildagent
_xcscredserver
_xserverdocs
MacBook-Pro-di-looka:~ lookappatiemme$ dscl . -list /Users UniqueID | grep 401
MacBook-Pro-di-looka:~ lookappatiemme$ dscl . -list /Users UniqueID | grep 401
MacBook-Pro-di-looka:~ lookappatiemme$


il secondo l'ho copiato più' volte perché non mi restituisce nulla.
ora faccio il resto

[looka]

ho aperto la console ma non ci capisco un tubo...
ti allego una foto, sono nel posto giusto?
(grazie per la pazienza ed il tempo che mi dedichi)

[looka]

ho letto dopo cosa fare... ora ci provo

[Kernel Panic]

Nel messaggio di apertura hai scritto di aver installato El Capitan, nel log di Etrecheck risulta che nel tuo Mac è installato Sierra (aggiornatissimo) .....

[looka]

si... ho corretto nel post successivo...

[Kernel Panic]

Giusto, non me ne ero accorto.

Per curiosità qual era il software scaricato da tuo figlio?

Hai fatto girare Malwarebytes Anti-Malware, come consigliato da "Ficus"?

[looka]

lo scienziato (mio figlio) ha scaricato cleanmymac.
si, ho fatto girare malware... (l'avevo già fatto ieri cercando in rete ma non ha trovato nulla)
ecco il risultato della consolle ma non so se ho copiato le righe giuste...

Codice: Seleziona tutto

Process:               launchservicesd [96]
Path:                  /System/Library/CoreServices/launchservicesd
Identifier:            launchservicesd
Version:               775.8
Code Type:             X86-64 (Native)
Parent Process:        launchd [1]
Responsible:           launchservicesd [96]
User ID:               0

Date/Time:             2016-10-20 12:52:02.462 +0200
OS Version:            Mac OS X 10.12 (16A323)
Report Version:        12
Anonymous UUID:        152819E5-A0F4-1BDE-F0C7-6C955AF49EFE


Time Awake Since Boot: 13000 seconds

System Integrity Protection: enabled

Crashed Thread:        4

Exception Type:        EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes:       0x0000000000000001, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Illegal instruction: 4
Termination Reason:    Namespace SIGNAL, Code 0x4
Terminating Process:   exc handler [0]

Application Specific Information:
BUG IN LIBPTHREAD: Invalid thread port

Thread 0:: Dispatch queue: com.apple.root.default-qos.overcommit
0   libsystem_kernel.dylib        	0x00007fff903b427e __sigsuspend_nocancel + 10
1   libdispatch.dylib             	0x00007fff9025d34c _dispatch_sigsuspend + 21
2   libdispatch.dylib             	0x00007fff9025d337 _dispatch_sig_thread + 41

Thread 1:
0   libsystem_kernel.dylib        	0x00007fff903b44e6 __workq_kernreturn + 10
1   libsystem_pthread.dylib       	0x00007fff9049b632 _pthread_wqthread + 1023
2   libsystem_pthread.dylib       	0x00007fff9049b221 start_wqthread + 13

Thread 2:
0   libsystem_kernel.dylib        	0x00007fff903b44e6 __workq_kernreturn + 10
1   libsystem_pthread.dylib       	0x00007fff9049b632 _pthread_wqthread + 1023
2   libsystem_pthread.dylib       	0x00007fff9049b221 start_wqthread + 13

Thread 3:: Dispatch queue: com.apple.root.default-qos.overcommit
0   libsystem_kernel.dylib        	0x00007fff903b3fde __semwait_signal + 10
1   libsystem_c.dylib             	0x00007fff9033ab92 nanosleep + 199
2   libsystem_c.dylib             	0x00007fff9033a9f3 sleep + 42
3   libxpc.dylib                  	0x00007fff904f3dbb _waiting4memory + 14
4   libxpc.dylib                  	0x00007fff904df139 _xpc_mach_port_allocate + 110
5   libxpc.dylib                  	0x00007fff904e093d _xpc_connection_init + 849
6   libxpc.dylib                  	0x00007fff904e05dc _xpc_connection_resume_init + 14
7   libdispatch.dylib             	0x00007fff9024f128 _dispatch_client_callout + 8
8   libdispatch.dylib             	0x00007fff9025e2ce _dispatch_queue_override_invoke + 743
9   libdispatch.dylib             	0x00007fff90250ee0 _dispatch_root_queue_drain + 476
10  libdispatch.dylib             	0x00007fff90250cb7 _dispatch_worker_thread3 + 99
11  libsystem_pthread.dylib       	0x00007fff9049b746 _pthread_wqthread + 1299
12  libsystem_pthread.dylib       	0x00007fff9049b221 start_wqthread + 13

Thread 4 Crashed:
0   libsystem_pthread.dylib       	0x00007fff9049b719 _pthread_wqthread + 1254
1   libsystem_pthread.dylib       	0x00007fff9049b221 start_wqthread + 13

Thread 4 crashed with X86 Thread State (64-bit):
  rax: 0x000070000bd50000  rbx: 0x00000000002c0015  rcx: 0x00007fff904a08c9  rdx: 0x000070000bd50000
  rdi: 0x000070000bd50000  rsi: 0x00007fff98f88378  rbp: 0x000070000bd4fa70  rsp: 0x000070000bd4fa20
   r8: 0x000070000bccf000   r9: 0x0000000000083000  r10: 0x0000000000000000  r11: 0x0000000000000000
  r12: 0x00000000010008ff  r13: 0x000070000bd50000  r14: 0x0000000001000000  r15: 0x0000000000000000
  rip: 0x00007fff9049b719  rfl: 0x0000000000010246  cr2: 0x00007fff955a4be8
  
Logical CPU:     6
Error Code:      0x00000000
Trap Number:     6