EtreCheck found a change in configuration files. What does it mean?
I ran EtreCheck in El Capitan and it said about Configuration Files "/etc/sudoers. File size 2411 but expected 2299". I recently had a problem with a hacker and have been cleaning up the mess. Can this be related to that hacking?
EtreCheck version: 4.1 (4A162)
Report generated: 2018-03-02 16:03:39
Download EtreCheck from https://etrecheck.com
Runtime: 3:04
Performance: Good
Problem: Other problem
Major Issues:
Anything that appears on this list needs immediate attention.
Modified suoders file - The sudoers file has been modified. This is unusual and is sometimes evidence of malware.
/etc/sudoers, File Size 2411 but expected 1563
Minor Issues:
These issues do not need immediate attention but they may indicate future problems.
Unsigned files - There is unsigned software installed. It appears to be legitimate but should be reviewed.
32-bit Apps - This machine has 32-bits apps that may have problems in the future.
Hardware Information:
iMac (21.5-inch, Mid 2011)
iMac Model: iMac12,1
1 2.5 GHz Intel Core i5 (i5-2400S) CPU: 4-core
16 RAM At maximum
BANK 0/DIMM0
4 GB DDR3 1333 ok
BANK 1/DIMM0
4 GB DDR3 1333 ok
BANK 0/DIMM1
4 GB DDR3 1333 ok
BANK 1/DIMM1
4 GB DDR3 1333 ok
Video Information:
AMD Radeon HD 6750M - VRAM: 512 MB
iMac 1920 x 1080
Drives:
disk0 - WDC WD5000AAKS-402AA0 500.11 GB (Mechanical)
Internal SATA 3 Gigabit Serial ATA
disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk0s2 - Macintosh HD (Journaled HFS+) 499.11 GB
disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB
disk1 - Western Digital My Passport 25E4 2.00 TB
External USB 480 Mbit/s
disk1s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk1s2 - M***********2 (Journaled HFS+) 499.03 GB
disk1s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB
disk1s4 - S******U (Journaled HFS+) 1.50 TB
Mounted Volumes:
disk0s2 - Macintosh HD 499.11 GB (466.50 GB free)
Journaled HFS+
Mount point: /
disk1s2 - M***********2 499.03 GB (470.35 GB free)
Journaled HFS+
Mount point: /Volumes/M***********2
disk1s4 - S******U 1.50 TB (1.43 TB free)
Journaled HFS+
Mount point: /Volumes/S******U
Network:
Interface en0: Ethernet
One IPv4 address
Interface fw0: FireWire
Interface en1: Wi-Fi
802.11 a/b/g/n
Interface bridge0: Thunderbolt Bridge
System Software:
macOS Sierra 10.12.6 (16G1212)
Time since boot: Less than an hour
System Load: 1.86 (1 min ago) 1.54 (5 min ago) 1.46 (15 min ago)
Configuration Files:
File /etc/sudoers size but expected
Security:
System | Status |
---|---|
Gatekeeper | Mac App Store and identified developers |
System Integrity Protection | Enabled |
Unsigned Files:
Launchd: /Library/LaunchAgents/net.culater.SIMBL.Agent.plist
Executable: /Library/ScriptingAdditions/SIMBL.osax/Contents/Resources/SIMBL Agent.app/Contents/MacOS/SIMBL Agent
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.maintain.ShutDown.plist
Executable: /usr/bin/osascript -e delay 3 -e try -e do shell script "killall Cocktail" -e end try -e ignoring application responses -e try -e tell application "System Events" to shut down -e end try -e end ignoring
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.coupons.coupond.plist
Executable: /Library/Application Support/Coupons/coupond launchd
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist
Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.oracle.java.Java-Updater.plist
Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.brother.LOGINserver.plist
Executable: /Library/Printers/Brother/Utilities/Server/LOGINserver.app/Contents/MacOS/LOGIN server
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.maintain.Restart.plist
Executable: /usr/bin/osascript -e delay 3 -e try -e do shell script "killall Cocktail" -e end try -e ignoring application responses -e try -e tell application "System Events" to restart -e end try -e end ignoring
Details: Exact match found in the whitelist - probably OK
32-bit Applications:
Name | Version |
ControlCenter | 2.14.0 |
SecurityFixer | 10.8 |
RemoteSetup | 3.3.2 |
SLLauncher | 1.0 |
Brorsoft Video Converter | 2.9.1.5363 |
CpDesktop | 3.0.0 |
UniversalUninstaller | 2.7.11.8 |
UniversalInstaller | 2.7.11.8 |
Adobe Flash Player Install Manager | 28.0.0.161 |
quicklookd32 | 5.0 |
DVD Player | 5.8 |
StellarPhoenixMacDataRecovery | |
USBserver | 1.2.0 |
Canon IJ Printer Utility | 7.23.10 |
LOGINserver | 1.2.0 |
NETserver | 1.1.9 |
InkServer | 10.9 |
Kernel Extensions:
/Library/Extensions
[Loaded] FileProtect.kext (Bitdefender SRL, 1.1 - SDK 10.11)
[Loaded] SelfProtect.kext (Bitdefender SRL, 1.2.9 - SDK 10.8)
[Loaded] TMProtection.kext (Bitdefender SRL, 5.0.0 - SDK 10.11)
System Launch Agents:
[Not Loaded] | 7 Apple tasks |
[Loaded] | 185 Apple tasks |
[Running] | 93 Apple tasks |
System Launch Daemons:
[Not Loaded] | 41 Apple tasks |
[Loaded] | 173 Apple tasks |
[Running] | 103 Apple tasks |
[Other] | 2 Apple tasks |
Launch Agents:
[Running] | com.wdc.WD-Drive-Agent.plist (Western Digital Corporation Branded Products Group - installed 2017-04-10) |
[Not Loaded] | com.maintain.ShutDown.plist (? 9b7e817c - installed 2018-01-18) |
[Running] | com.maintain.SystemEvents.plist (Apple, Inc. - installed 2017-07-14) |
[Not Loaded] | com.maintain.Restart.plist (? 5421a7fd - installed 2018-01-18) |
[Not Loaded] | com.maintain.PurgeInactiveMemory.plist (Apple, Inc. - installed 2018-01-18) |
[Loaded] | com.coupons.coupond.plist (? f6a15e5e - installed 2014-10-16) |
[Loaded] | com.oracle.java.Java-Updater.plist (? 9af0c657 - installed 2017-12-19) |
[Running] | com.brother.LOGINserver.plist (? a1772de2 - installed 2015-03-12) |
[Running] | com.bitdefender.antivirusformac.plist (Bitdefender SRL - installed 2017-09-20) |
[Not Loaded] | net.culater.SIMBL.Agent.plist (? 850e6250 - installed 2014-04-14) |
Launch Daemons:
[Loaded] | com.bombich.ccchelper.plist (Bombich Software, Inc. - installed 2017-11-26) |
[Loaded] | com.prosofteng.DriveGenius.locum.plist (? c8db10d3 - installed 2017-10-10) |
[Loaded] | com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2018-02-01) |
[Loaded] | com.oracle.java.Helper-Tool.plist (? e3fefdd2 - installed 2017-12-19) |
[Loaded] | com.bitdefender.upgrade.plist (Bitdefender SRL - installed 2017-09-20) |
[Not Loaded] | com.maintain.HideSpotlightMenuBarIcon.plist (Apple, Inc. - installed 2017-07-14) |
[Running] | com.bitdefender.agent.plist (Bitdefender SRL - installed 2018-01-25) |
[Loaded] | com.bitdefender.AuthHelperTool.plist (Bitdefender SRL - installed 2017-09-20) |
User Launch Agents:
[Loaded] | com.maintain.ShowUserLibraryDirectory.plist (Apple, Inc. - installed 2017-07-14) |
Internet Plug-ins:
FlashPlayer-10.6: 28.0.0.161 (installed 2018-02-06)
Flash Player: 28.0.0.161 (installed 2018-02-06)
QuickTime Plugin: 7.7.3 (installed 2018-02-02)
JavaAppletPlugin: Java 8 Update 161 build 12 (installed 2018-02-18)
EPPEX Plugin: 10.0 (installed 2013-09-25)
PepperFlashPlayer: 28.0.0.161 (installed 2018-02-06)
Safari Extensions:
Ka-Block!.safariextz - David Graham & Josh Peek - http://kablock.com (installed 2017-10-25) |
Adblock Plus.safariextz - Eyeo GmbH - https://adblockplus.org/ (installed 2017-01-05) |
URL Advisor.safariextz - Kaspersky Lab - http://kaspersky.com (installed 2017-01-05) |
TrafficLight.safariextz - Bitdefender SRL - http://trafficlight.bitdefender.com/ (installed 2017-09-12) |
3rd Party Preference Panes:
AppTrap (installed 2017-02-26)
Flash Player (installed 2018-02-01)
Java (installed 2018-02-18)
Time Machine:
Skip System Files: No
Mobile backups: No
Auto backup: Yes
Volumes being backed up:
Macintosh HD: Disk size: 499.11 GB - Disk used: 32.61 GB
Destinations:
S******U [Local] (Last used)
Total size: 1.50 TB
Total number of backups: 52
Oldest backup: 2017-12-03 01:45:26
Last backup: 2018-03-02 15:57:22
Top Processes by CPU:
Process (count) | Source | % of CPU |
trustd (4) | Apple | 11 |
BDCoreIssues | Bitdefender SRL | 9 |
WindowServer | Apple | 3 |
spindump | Apple | 2 |
ocspd | Apple | 1 |
Top Processes by Memory:
Process (count) | Source | RAM usage |
kernel_task | Apple | 1010 MB |
mdworker (20) | Apple | 546 MB |
BDLDaemon | Bitdefender SRL | 412 MB |
cfprefsd (3) | Apple | 139 MB |
iconservicesagent (2) | Apple | 137 MB |
Top Processes by Network Use:
Process | Source | Input | Output |
mDNSResponder | Apple | 42 KB | 17 KB |
apsd | Apple | 7 KB | 6 KB |
bdagentd | Bitdefender SRL | 6 KB | 2 KB |
BDCoreIssues | Bitdefender SRL | 4 KB | 2 KB |
Top Processes by Energy Use:
Process (count) | Source | Energy usage (0-100) |
trustd (4) | Apple | 24 |
BDCoreIssues | Bitdefender SRL | 22 |
WindowServer | Apple | 3 |
ocspd | Apple | 2 |
hidd | Apple | 1 |
Virtual Memory Information:
Available RAM | 11.77 GB |
Free RAM | 8.40 GB |
Used RAM | 4.23 GB |
Cached files | 3.37 GB |
Swap Used | 0 B |
Software Installs (past 30 days):
Name | Version | Install Date |
Dr. Cleaner | 3.3.4 | 2018-02-27 |
Diagnostics Information (past 7 days):
2018-03-02 15:50:12 SIMBL Agent.app Crash
dyld: launch running initializers /usr/lib/libSystem.B.dylib
2018-02-28 21:02:55 BDLDaemon CPU
End of report
iMac, macOS Sierra (10.12.6), Early 2009 20"