Oct 17, 2012 4:09 PM in response to lkstevens by MadMacs0
lkstevens wrote:
Had a similar experience as well. Not sure what to do at this point either. Tempted to just format and reinstall everything.
This topic is over a year old. Lots has changed and most of the participants have moved on to bigger and better things. You would be better served by starting with a new topic and describing what you are experiencing in detail. Unless you allowed somebody physical access to your computer, there's very little chance it was hacked.
-
Aug 7, 2014 7:24 PM in response to Linc Davis by h239
I really know that this could sound very weird BUT..... I have to ask someone who can advise me what to do. At this moment I am really desperate and don't know what to do anymore. I feel really scared.... And NO, I AM NOT CRAZY!
I have an iMac, OS X 10.9.4; before, my ex owned this Mac, and when we separated he gave it to me so our daughter can use it for school.
Since the beginning this Mac was very slow. When I tried to erase everything, it didn't help at all; everything stayed (almost) the same.
I am also almost sure that someone (I think my ex) automatically takes files out of my system and imports them to Windows XP or Windows 7/8 via a server (and uploads them to Dropbox??). I see in the system.log weird actions happening that were started by root, system.log actions like SDK Android eclipse, CVMserver, AirplayUIAgent, accountsd, airportd, diskarbitrationd, hid, networkd_priviledged, UserEventAgent.... and more stuff like that, all in the 'root' etc. etc.
When my Mac's getting slow and making weird sounds in the background, I instantly turn off my Mac. After a couple of hours I start up again but
And I strongly feel that he also has installed a keylogger, even when I try to delete something that I didn't (when I log in on de Rude software to watch on my webcam, does a lot of streaming, and cloud printing is also installed (I didn't do that).
Do you know how I can check if this all is true?
Can I find out what is exported and where to?
How can I stop this?
-
Aug 7, 2014 9:34 PM in response to h239 by MadMacs0
Linc almost never responds to requests and with this being a three year old thread, almost nobody is following it any more. I'm surprised to see that I am.
If you didn't find anything here to help you then you need to start a new discussion topic in order for Linc and other troubleshooters to even notice your question.
That being said, it would be almost impossible for anybody here to help you with this particular problem. It's a law enforcement issue that requires the services of a highly trained forensic IT person to tell you for certain what is going on. You should be contacting the police, not discussing it here.
If you don't care about the legal aspects of this issue then simply back up any user files you need, erase the hard drive and re-install the OS and any third party applications you need from original, trusted sources. If the computer has been compromised, there is no other way to be certain to have removed any unwanted processes/applications.
-
Aug 8, 2014 2:13 AM in response to MadMacs0 by h239
Ok thank you!
I do care about the legal aspects, so I'll go to the police. That's the best thing I can do....
-
Sep 22, 2014 11:32 AM in response to Linc Davis by Macfool-1
How to delete it if there was one .. knowing that my Mac OS X is down and I'm just using Safari from the utilities pan ????
-
Sep 22, 2014 11:43 AM in response to Macfool-1 by Macfool-1
What if it was a corrupted****** who works in the police who is doing that ???
<Edited by Host>
-
Mar 19, 2015 7:16 PM in response to Linc Davis by HackedUser123
This is what my computer says
mv: rename /System/Library/QuickTime/QuickTimeUSBVDCDigitizer.component to /Users/YourName/Desktop: No such file or directory
Tylers-MacBook-Pro:~ jdub$ kextstat -kl | awk ' !/apple/ { print $6 $7 } '
com.trendmicro.kext.filehook(1.5.0)
com.trendmicro.kext.KERedirect(1.0.0)
Tylers-MacBook-Pro:~ jdub$ sudo launchctl list | sed 1d | awk ' !/0x|apple|com\.vix|edu\.|org\./ { print $3 } '
com.trendmicro.tmsm.plugin
com.trendmicro.icore.wp
com.trendmicro.icore.main
com.trendmicro.icore.av
com.trendmicro.tmsm.launcher
Tylers-MacBook-Pro:~ jdub$ launchctl list | sed 1d | awk ' !/0x|apple|edu\.|org\./ { print $3 } '
com.trendmicro.TM.TmLoginMgr.16788
Tylers-MacBook-Pro:~ jdub$ ls -1A {,/}Library/{Ad,Compon,Ex,Fram,In,La,Mail/Bu,P*P,Priv,Qu,Scripti,Sta}* 2> /dev/null
/Library/Components:
/Library/Extensions:
ACS6x.kext
ATTOCelerityFC8.kext
ATTOExpressSASHBA2.kext
ATTOExpressSASRAID2.kext
ArcMSR.kext
CalDigitHDProDrv.kext
HighPointIOP.kext
HighPointRR.kext
PromiseSTEX.kext
SoftRAID.kext
/Library/Frameworks:
AEProfiling.framework
AERegistration.framework
AudioMixEngine.framework
NyxAudioAnalysis.framework
PluginManager.framework
TMAppCommon.framework
TMAppCore.framework
TMGUIUtil.framework
iCoreClient.framework
iCoreClientPb.framework
iTunesLibrary.framework
/Library/Input Methods:
/Library/Internet Plug-Ins:
Default Browser.plugin
Quartz Composer.webplugin
QuickTime Plugin.plugin
nsIQTScriptablePlugin.xpt
/Library/LaunchAgents:
/Library/LaunchDaemons:
com.trendmicro.icore.av.plist
com.trendmicro.icore.main.plist
com.trendmicro.icore.wp.plist
com.trendmicro.tmsm.launcher.plist
com.trendmicro.tmsm.plugin.plist
/Library/PreferencePanes:
/Library/QuickLook:
iBooksAuthor.qlgenerator
iWork.qlgenerator
/Library/QuickTime:
AppleIntermediateCodec.component
AppleMPEG2Codec.component
/Library/ScriptingAdditions:
/Library/StartupItems:
Library/Input Methods:
.localized
Library/Internet Plug-Ins:
Library/LanguageModeling:
en-dynamic.lm
es-dynamic.lm
nl-dynamic.lm
Library/PreferencePanes:
Tylers-MacBook-Pro:~ jdub$
-
Mar 19, 2015 10:05 PM in response to HackedUser123 by MadMacs0
I guess you didn't read my earlier post to this more than three year old topic, but you are wasting your time with this posting. We don't even know what your problem is, nor do we understand most of what your posting means! I'd also have to guess that I may be the only person still reading this discussion and I'm certainly not sure why I didn't unfollow a long time ago.
If you can't find the information you need already posted to this topic, then you need to start a new discussion item with a detailed description of your situation, starting with what makes you believe you have been hacked. That way you will attract many more troubleshooters faster. That's just the way this forum works.
-
May 24, 2015 3:20 PM in response to Linc Davis by psiguy
I have definitely been "hacked" -- the perp had physical access to my machine (for a few min), installed some remote Windows software, and is supremely capable.
Here is the output from the commands you recommended. Any help would be greatly appreciated. Thnx.
Last login: Sun May 24 18:08:43 on console
[Qbit:torrey W] -> kextstat -kl | awk ' !/apple/ { print $6 $7 } '
org.virtualbox.kext.VBoxDrv(4.3.28)
org.virtualbox.kext.VBoxUSB(4.3.28)
org.virtualbox.kext.VBoxNetFlt(4.3.28)
org.virtualbox.kext.VBoxNetAdp(4.3.28)
[Qbit:torrey W] -> sudo launchctl list | sed 1d | awk ' !/0x|apple|com\.vix|edu\.|org\./ { print $3 } '
WARNING: Improper use of the sudo command could lead to data loss
or the deletion of important system files. Please double-check your
typing when using sudo. Type "man sudo" for more information.
To proceed, enter your password, or type Ctrl-C to abort.
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
torrey is not in the sudoers file. This incident will be reported.
[Qbit:torrey W] -> launchctl list | sed 1d | awk ' !/0x|apple|edu\.|org\./ { print $3 } '
com.google.Chrome.46608
com.oracle.java.Java-Updater
com.google.keystone.user.agent
[Qbit:torrey W] -> ls -1A {,/}Library/{Ad,Compon,Ex,Fram,In,La,Mail/Bu,P*P,Priv,Qu,Scripti,Sta}* 2> /dev/null
/Library/Components:
/Library/Extensions:
ACS6x.kext
ATTOCelerityFC8.kext
ATTOExpressSASHBA2.kext
ATTOExpressSASRAID2.kext
ArcMSR.kext
CalDigitHDProDrv.kext
HighPointIOP.kext
HighPointRR.kext
PromiseSTEX.kext
SoftRAID.kext
/Library/Frameworks:
AEProfiling.framework
AERegistration.framework
AquaTerm.framework
AudioMixEngine.framework
NyxAudioAnalysis.framework
PluginManager.framework
iTunesLibrary.framework
/Library/Input Methods:
/Library/Internet Plug-Ins:
Default Browser.plugin
JavaAppletPlugin.plugin
Quartz Composer.webplugin
QuickTime Plugin.plugin
SharePointBrowserPlugin.plugin
SharePointWebKitPlugin.webplugin
nsIQTScriptablePlugin.xpt
/Library/LaunchAgents:
com.oracle.java.Java-Updater.plist
org.macosforge.xquartz.startx.plist
/Library/LaunchDaemons:
com.apple.spirecorder.plist
com.macromates.auth_server.plist
com.microsoft.office.licensing.helper.plist
com.oracle.java.Helper-Tool.plist
org.macosforge.xquartz.privileged_startx.plist
org.virtualbox.startup.plist
/Library/PreferencePanes:
JavaControlPanel.prefPane
TeXDistPrefPane.prefPane
/Library/PrivilegedHelperTools:
com.macromates.auth_server
com.microsoft.office.licensing.helper
com.microsoft.office.licensingV2.helper
/Library/QuickLook:
iBooksAuthor.qlgenerator
iWork.qlgenerator
/Library/QuickTime:
AppleIntermediateCodec.component
AppleMPEG2Codec.component
/Library/ScriptingAdditions:
/Library/StartupItems:
Library/Input Methods:
.localized
Library/Internet Plug-Ins:
Library/LanguageModeling:
da-dynamic.lm
en-dynamic.lm
Library/LaunchAgents:
com.google.keystone.agent.plist
Library/PreferencePanes:
[Qbit:torrey W] -> ps -cx
PID TTY TIME CMD
197 ?? 0:07.04 distnoted
225 ?? 0:01.19 tccd
226 ?? 0:01.10 pkd
229 ?? 0:00.22 secd
259 ?? 0:00.13 IMDPersistenceAgent
271 ?? 0:00.05 CloudKeychainProxy
272 ?? 0:04.58 secinitd
282 ?? 0:00.13 com.apple.InputMethodKit.UserDictionary
310 ?? 0:00.35 mdflagwriter
388 ?? 0:00.17 mdworker
520 ?? 0:00.34 com.apple.CloudPhotosConfiguration
564 ?? 0:00.20 com.apple.CoreSimulator.CoreSimulatorService
608 ?? 0:00.36 com.apple.speech.speechsynthesisd
6826 ?? 0:00.04 DataDetectorsDynamicData
7865 ?? 0:00.04 com.apple.appstore.PluginXPCService
7875 ?? 0:05.28 mdworker
7876 ?? 0:05.87 mdworker
7878 ?? 0:05.83 mdworker
7880 ?? 0:06.05 mdworker
7908 ?? 0:00.04 com.apple.BKAgentService
8105 ?? 0:02.91 cfprefsd
8800 ?? 0:00.04 com.apple.sbd
9407 ?? 0:00.39 UserEventAgent
9411 ?? 0:00.84 Dock
9412 ?? 0:00.94 SystemUIServer
9413 ?? 0:00.41 Finder
9415 ?? 0:00.01 pboard
9418 ?? 0:00.19 cloudd
9419 ?? 0:00.03 nsurlsessiond
9420 ?? 0:00.52 Spotlight
9421 ?? 0:00.47 fontd
9423 ?? 0:00.06 bird
9424 ?? 0:00.06 accountsd
9425 ?? 0:00.27 usernoted
9426 ?? 0:00.03 com.apple.wifi.proxy
9427 ?? 0:00.21 sharingd
9431 ?? 0:00.58 identityservicesd
9432 ?? 0:01.37 SpotlightNetHelper
9433 ?? 0:00.02 iconservicesagent
9434 ?? 0:00.01 spindump_agent
9436 ?? 0:00.03 SocialPushAgent
9438 ?? 0:00.10 Keychain Circle Notification
9441 ?? 0:00.71 NotificationCenter
9443 ?? 0:00.17 AppleIDAuthAgent
9445 ?? 0:00.41 CalendarAgent
9447 ?? 0:00.04 askpermissiond
9448 ?? 0:00.11 imagent
9449 ?? 0:00.06 cloudpaird
9450 ?? 0:00.02 helpd
9452 ?? 0:00.08 WiFiAgent
9453 ?? 0:00.07 diagnostics_agent
9455 ?? 0:00.18 soagent
9459 ?? 0:00.04 iTunesHelper
9460 ?? 0:00.08 lsuseractivityd
9461 ?? 0:00.19 com.apple.dock.extra
9462 ?? 0:00.55 nsurlstoraged
9463 ?? 0:00.06 CallHistorySyncHelper
9464 ?? 0:00.04 mapspushd
9465 ?? 0:00.10 fmfd
9466 ?? 0:00.30 storeaccountd
9467 ?? 0:00.08 com.apple.iCloudHelper
9468 ?? 0:00.04 CallHistoryPluginHelper
9469 ?? 0:00.17 CalNCService
9471 ?? 0:00.21 callservicesd
9476 ?? 0:00.04 pbs
9477 ?? 0:00.02 AppleSpell
9487 ?? 0:00.03 storelegacy
9488 ?? 0:00.26 storeassetd
9489 ?? 0:00.06 LaterAgent
9490 ?? 0:00.09 CoreServicesUIAgent
9491 ?? 0:00.04 storedownloadd
9493 ?? 0:18.18 Google Chrome
9496 ?? 0:00.01 crashpad_handler
9498 ?? 0:05.75 Google Chrome Helper
9500 ?? 0:00.02 VTDecoderXPCService
9502 ?? 0:00.63 Google Chrome Helper
9509 ?? 0:00.63 mdworker
9511 ?? 0:14.76 Google Chrome Helper
9515 ?? 0:01.99 Terminal
9537 ?? 0:00.15 cloudphotosd
9538 ?? 0:00.03 photolibraryd
9517 ttys000 0:00.02 login
9518 ttys000 0:00.02 -bash
9543 ttys000 0:00.00 ps
[Qbit:torrey W] ->
-
May 24, 2015 3:38 PM in response to psiguy by MadMacs0
Please read my post immediately above yours. Nobody else seems to be following this over 3-½ year old topic and I can't properly interpret what you posted.
Start a new discussion topic with only the description of what you know and have observed for yourself. I'm sure the diagnostics Linc gave have changed after all this time and you need to be logged in as admin in order to properly run them.
That being said, if you plan on pursuing this from a legal standpoint then you need to take your computer to the authorities in your area and have it forensically examined by a qualified law enforcement tech. Once you allowed physical access, most anything could have been done to it and it probably won't be obvious to any of us.
-
Jan 1, 2016 3:26 AM in response to lkstevens by chef_ack
Last login: Fri Jan 1 18:12:42 on console
alvins-iMac:~ alvinchuakwan$ kextstat -kl | awk ' !/apple/ { print $6 $7 } '
com.logmein.driver.LogMeInSoundDriver(1.0.3)
alvins-iMac:~ alvinchuakwan$
alvins-iMac:~ alvinchuakwan$ sudo launchctl list | sed 1d | awk ' !/0x|apple|com\.vix|edu\.|org\./ { print $3 } '
Password:
Sorry, try again.
Password:
com.tvmobili.tvmobilisvcd
com.microsoft.office.licensing.helper
com.google.keystone.daemon
com.oracle.java.Helper-Tool
com.adobe.SwitchBoard
com.logmein.raupdate
com.adobe.fpsaud
alvins-iMac:~ alvinchuakwan$ launchctl list | sed 1d | awk ' !/0x|apple|edu\.|org\./ { print $3 } '
com.fiplab.converto.82272
com.cherpake.Remote-for-Mac-Server.22112
com.google.keystone.system.agent
com.google.Chrome.25632
com.valvesoftware.steamclean
cn.com.zte.usbswapper.plist
com.adobe.CS5ServiceManager
com.adobe.AAM.Scheduler-1.0
com.oracle.java.Java-Updater
com.tvmobili.artwork
com.fiplab.ConvertoHelper
com.spotify.webhelper
com.spigot.ApplicationManager
alvins-iMac:~ alvinchuakwan$ ls -1A {,/}Library/{Ad,Compon,Ex,Fram,In,La,Mail/Bu,P*P,Priv,Qu,Scripti,Sta}* 2> /dev/null
/Library/Components:
/Library/Extensions:
ACS6x.kext
ATTOCelerityFC8.kext
ATTOExpressSASHBA2.kext
ATTOExpressSASRAID2.kext
ArcMSR.kext
CalDigitHDProDrv.kext
HighPointIOP.kext
HighPointRR.kext
PromiseSTEX.kext
SoftRAID.kext
hp_io_enabler_compound.kext
/Library/Frameworks:
AEProfiling.framework
AERegistration.framework
Adobe AIR.framework
AudioMixEngine.framework
NyxAudioAnalysis.framework
PluginManager.framework
iTunesLibrary.framework
/Library/Input Methods:
/Library/Internet Plug-Ins:
Default Browser.plugin
Disabled Plug-Ins
Flash Player.plugin
JavaAppletPlugin.plugin
LogMeIn.plugin
LogMeInSafari32.plugin
Quartz Composer.webplugin
SharePointBrowserPlugin.plugin
SharePointWebKitPlugin.webplugin
Unity Web Player.plugin
Unused
flashplayer.xpt
npContributeMac.bundle
/Library/LaunchAgents:
SwapperUFi.plist
cn.com.zte.usbswapper.plist
com.adobe.AAM.Updater-1.0.plist
com.adobe.CS5ServiceManager.plist
com.google.keystone.agent.plist
com.logmein.logmeingui.plist
com.logmein.logmeinguiagent.plist
com.logmein.logmeinguiagentatlogin.plist
com.oracle.java.Java-Updater.plist
com.tvmobili.artwork.plist
org.chromium.chromoting.plist
org.macosforge.xquartz.startx.plist
/Library/LaunchDaemons:
com.adobe.SwitchBoard.plist
com.adobe.fpsaud.plist
com.google.keystone.daemon.plist
com.logmein.logmeinblanker.plist
com.logmein.logmeinserver.plist
com.logmein.raupdate.plist
com.microsoft.office.licensing.helper.plist
com.oracle.java.Helper-Tool.plist
com.tvmobili.tvmobilisvcd.plist
org.macosforge.xquartz.privileged_startx.plist
/Library/PreferencePanes:
ChromeRemoteDesktop.prefPane
Flash Player.prefPane
Growl.prefPane
JavaControlPanel.prefPane
/Library/PrivilegedHelperTools:
ChromeRemoteDesktopHost.bundle
com.genieoinnovation.macextension.client
com.microsoft.office.licensing.helper
org.chromium.chromoting.json
org.chromium.chromoting.me2me.sh
/Library/QuickLook:
iBooksAuthor.qlgenerator
iWork.qlgenerator
/Library/QuickTime:
AppleIntermediateCodec.component
AppleMPEG2Codec.component
SoundboothScoreCodec.component
/Library/ScriptingAdditions:
Adobe Unit Types.osax
/Library/StartupItems:
Library/Address Book Plug-Ins:
SkypeABDialer.bundle
SkypeABSMS.bundle
Library/Input Methods:
.localized
Library/Internet Plug-Ins:
BlueStacks Install Detector.plugin
RealPlayer Plugin.plugin
Library/LanguageModeling:
da-dynamic.lm
de-dynamic.lm
en-dynamic.lm
es-dynamic.lm
fi-dynamic.lm
fr-dynamic.lm
it-dynamic.lm
nb-dynamic.lm
nl-dynamic.lm
pl-dynamic.lm
pt-dynamic.lm
sv-dynamic.lm
tr-dynamic.lm
Library/LaunchAgents:
com.adobe.AAM.Updater-1.0.plist
com.spigot.ApplicationManager.plist
com.spotify.webhelper.plist
com.valvesoftware.steamclean.plist
Library/PreferencePanes:
alvins-iMac:~ alvinchuakwan$
-
Jan 1, 2016 3:56 AM in response to chef_ack by MadMacs0
Please read my post immediately above yours. Nobody else seems to be following this over 4-½ year old topic and I can't properly interpret what you posted.
Start a new discussion topic with only the description of what you know and have observed for yourself. I'm sure the diagnostics Linc gave have changed after all this time and you need to be logged in as admin in order to properly run them.
That being said, if you plan on pursuing this from a legal standpoint then you need to take your computer to the authorities in your area and have it forensically examined by a qualified law enforcement tech. Once you allowed physical access, most anything could have been done to it and it probably won't be obvious to any of us.
-
Aug 25, 2016 3:26 AM in response to Linc Davis by MatiZu
I followed the instruction. Could you please check the results for me? Are there more ways of checking if the Mac was hacked? Thank you.
Last login: Thu Aug 25 08:49:57 on console
Matyldas-iMac:~ MatiZu$ kextstat -kl | awk ' !/apple/ { print $6 $7 } '
Matyldas-iMac:~ MatiZu$
Matyldas-iMac:~ MatiZu$ kextstat -kl | awk ' !/apple/ { print $6 $7 } '
Matyldas-iMac:~ MatiZu$
Matyldas-iMac:~ MatiZu$ kextstat -kl | awk ' !/apple/ { print $6 $7 } '
Matyldas-iMac:~ MatiZu$
Matyldas-iMac:~ MatiZu$ sudo launchctl list | sed 1d | awk ' !/0x|apple|com\.vix|edu\.|org\./ { print $3 } '
Password:
com.adobe.fpsaud
Matyldas-iMac:~ MatiZu$ launchctl list | sed 1d | awk ' !/0x|apple|edu\.|org\./ { print $3 } '
Matyldas-iMac:~ MatiZu$ ls -1A {,/}Library/{Ad,Compon,Ex,Fram,In,La,Mail/Bu,P*P,Priv,Qu,Scripti,Sta}* 2> /dev/null
/Library/Components:
/Library/Extensions:
ACS6x.kext
ATTOCelerityFC8.kext
ATTOExpressSASHBA2.kext
ATTOExpressSASRAID2.kext
ArcMSR.kext
CalDigitHDProDrv.kext
HighPointIOP.kext
HighPointRR.kext
PromiseSTEX.kext
SoftRAID.kext
/Library/Frameworks:
AEProfiling.framework
AERegistration.framework
AudioMixEngine.framework
NyxAudioAnalysis.framework
PluginManager.framework
iTunesLibrary.framework
/Library/Input Methods:
/Library/Internet Plug-Ins:
Default Browser.plugin
Flash Player.plugin
Quartz Composer.webplugin
QuickTime Plugin.plugin
flashplayer.xpt
nsIQTScriptablePlugin.xpt
/Library/LaunchAgents:
/Library/LaunchDaemons:
com.adobe.fpsaud.plist
/Library/PreferencePanes:
Flash Player.prefPane
/Library/QuickLook:
iBooksAuthor.qlgenerator
iWork.qlgenerator
/Library/QuickTime:
AppleIntermediateCodec.component
AppleMPEG2Codec.component
/Library/ScriptingAdditions:
/Library/StartupItems:
Library/Input Methods:
.localized
Library/Internet Plug-Ins:
Library/LanguageModeling:
en-dynamic.lm
Library/PreferencePanes:
Matyldas-iMac:~ MatiZu$ ps -cx
PID TTY TIME CMD
218 ?? 0:01.17 cfprefsd
219 ?? 0:00.56 UserEventAgent
221 ?? 0:01.39 distnoted
224 ?? 0:02.00 Dock
226 ?? 0:03.72 SystemUIServer
227 ?? 0:14.67 Finder
233 ?? 0:00.01 pboard
234 ?? 0:00.34 Spotlight
235 ?? 0:01.35 fontd
238 ?? 0:00.06 bird
239 ?? 0:00.22 usernoted
242 ?? 0:00.20 com.apple.wifi.proxy
243 ?? 0:00.25 SpotlightNetHelper
244 ?? 0:00.56 sharingd
245 ?? 0:00.12 tccd
246 ?? 0:00.88 lsuseractivityd
247 ?? 0:00.18 iconservicesagent
248 ?? 0:00.26 pkd
250 ?? 0:14.59 nsurlstoraged
251 ?? 0:00.14 com.apple.dock.extra
252 ?? 0:00.56 identityservicesd
253 ?? 0:00.03 spindump_agent
255 ?? 0:00.02 SocialPushAgent
257 ?? 0:00.07 Keychain Circle Notification
260 ?? 0:00.59 NotificationCenter
262 ?? 0:00.18 AppleIDAuthAgent
264 ?? 0:00.51 CalendarAgent
266 ?? 0:00.03 askpermissiond
267 ?? 0:00.10 imagent
268 ?? 0:00.05 cloudpaird
271 ?? 0:00.09 WiFiAgent
272 ?? 0:00.14 diagnostics_agent
274 ?? 0:00.12 soagent
275 ?? 0:01.09 storeaccountd
280 ?? 0:00.05 CallHistorySyncHelper
281 ?? 0:00.03 mapspushd
282 ?? 0:00.06 fmfd
283 ?? 0:01.48 secinitd
284 ?? 0:00.03 IMDPersistenceAgent
286 ?? 0:00.03 CallHistoryPluginHelper
287 ?? 0:00.03 secd
288 ?? 0:00.12 CalNCService
289 ?? 0:00.06 accountsd
293 ?? 0:00.05 pbs
294 ?? 0:00.86 AppleSpell
296 ?? 0:00.03 com.apple.InputMethodKit.UserDictionary
312 ?? 0:00.02 storelegacy
314 ?? 0:00.59 storeassetd
315 ?? 0:00.08 LaterAgent
316 ?? 0:00.12 CoreServicesUIAgent
318 ?? 0:00.11 storedownloadd
342 ?? 0:00.29 cloudphotosd
343 ?? 0:00.09 com.apple.CloudPhotosConfiguration
344 ?? 0:00.03 photolibraryd
350 ?? 2:33.78 Safari
353 ?? 1:20.87 com.apple.WebKit.Networking
356 ?? 0:00.10 AirPlayUIAgent
358 ?? 0:00.28 cloudd
361 ?? 0:00.02 nsurlsessiond
377 ?? 0:00.11 SafariNotificationAgent
387 ?? 0:00.03 com.apple.NotesMigratorService
407 ?? 0:03.25 com.apple.Safari.SearchHelper
419 ?? 0:00.16 callservicesd
668 ?? 0:00.01 mdflagwriter
678 ?? 3:28.43 com.apple.WebKit.WebContent
692 ?? 0:00.02 DataDetectorsDynamicData
695 ?? 0:00.01 helpd
728 ?? 2:14.97 com.apple.WebKit.WebContent
729 ?? 0:00.01 com.apple.audio.SandboxHelper
730 ?? 0:00.03 com.apple.audio.ComponentHelper
736 ?? 0:00.83 nbagent
738 ?? 0:00.47 installd
1076 ?? 0:00.16 com.apple.CommerceKit.TransactionService
1089 ?? 0:00.03 mdworker
1149 ?? 0:00.21 storeuid
1151 ?? 0:00.01 com.apple.appstore.PluginXPCService
1169 ?? 0:16.02 com.apple.WebKit.WebContent
1171 ?? 0:00.02 mdworker
1172 ?? 0:00.03 mdworker
1179 ?? 0:00.02 mdworker
1189 ?? 0:02.68 Terminal
1191 ttys000 0:00.04 login
1192 ttys000 0:00.02 -bash
1210 ttys000 0:00.00 ps
Matyldas-iMac:~ MatiZu$
-
Aug 25, 2016 5:08 AM in response to MatiZu by MadMacs0
Nobody else seems to be following this over 5 year old topic and I can't properly interpret what you posted.
Start a new discussion topic with only the description of what you know and have observed for yourself without anything else until asked for. I'm sure the diagnostics Linc gave have changed after all this time.
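-
The listings posted in this thread all have the same shape: a directory header ending in ":" followed by one item per line. The script below is an added example, not part of any post in the thread: it reduces such a listing to its launchd entries (LaunchAgents and LaunchDaemons) and reports which of them do not appear among the labels printed by `launchctl list`. The function names and all sample data are constructed for illustration, and it assumes a plist's file name matches its launchd label, which is the convention but is not enforced.

```shell
#!/bin/sh
# Added example: reduce an "ls -1A {,/}Library/..." listing to launchd items
# and compare them with the labels reported by "launchctl list".

# Constructed sample listing (made-up names, same layout as in the thread).
sample_listing() {
cat <<'EOF'
/Library/Extensions:
ExampleRAID.kext
/Library/LaunchAgents:
com.example.updater.plist
/Library/LaunchDaemons:
com.example.helper.plist
com.example.remote.plist
/Library/StartupItems:
Library/LaunchAgents:
com.example.agent.plist
Library/PreferencePanes:
EOF
}

# Constructed sample of loaded labels (third column of "launchctl list").
sample_loaded() {
cat <<'EOF'
com.example.helper
com.example.agent
EOF
}

# launchd_items: read a listing on stdin and print "scope<TAB>kind<TAB>label"
# for each .plist under a LaunchAgents or LaunchDaemons directory.
# scope is "system" for /Library/... and "user" for the relative Library/...
launchd_items() {
  awk '
    /:$/ {                                  # directory header line
      dir   = substr($0, 1, length($0) - 1)
      scope = (dir ~ /^\//) ? "system" : "user"
      kind  = ""
      if (dir ~ /\/LaunchAgents$/)  kind = "agent"
      if (dir ~ /\/LaunchDaemons$/) kind = "daemon"
      next
    }
    kind != "" && /\.plist$/ {              # item inside a launchd directory
      label = $0
      sub(/\.plist$/, "", label)            # assumption: file name == label
      printf "%s\t%s\t%s\n", scope, kind, label
    }
  '
}

# on_disk_not_loaded LISTING_FILE LOADED_FILE
# Print the launchd items from LISTING_FILE whose label is absent from
# LOADED_FILE (one label per line). An item on disk that is not loaded is
# not proof of anything; it is simply a place to look next.
on_disk_not_loaded() {
  launchd_items < "$1" | awk -F'\t' -v loaded_file="$2" '
    BEGIN { while ((getline l < loaded_file) > 0) loaded[l] = 1 }
    !($3 in loaded)
  '
}

# Demo on the constructed samples.
tmp=$(mktemp -d)
sample_listing > "$tmp/listing.txt"
sample_loaded  > "$tmp/loaded.txt"
echo "launchd items found in the listing:"
launchd_items < "$tmp/listing.txt"
echo "on disk but not in the loaded list:"
on_disk_not_loaded "$tmp/listing.txt" "$tmp/loaded.txt"
rm -rf "$tmp"
```

On a real machine the second input would be the saved third column of `launchctl list`, taken once as the user and once with `sudo`, since the two commands report different launchd domains.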