Störenfried.conf als nicht genemigter Gastbenutzer

[DRoBln]

Hallo Zusammen,
in den letzten 2 Tagen habe ich meinen IMac durchsucht. Er ist nicht mehr der jüngste jedoch kam er mir sehr langsam vor. Über den Finder suchte ich nach Ordnernamen die auf Maleware o.ä schließen lassen. Und ich finde eine Datei mit dem Namen Störenfie.conf. Eine Kopie der Datei habe ich auf meinem Schreibtisch abgelegt. Anbei der enthaltene Code.

<Directory "/Users/Guest/Sites/">
Options Indexes MultiViews
Require all granted
</Directory>

Malewarebytes hat leider nichts gefunden. Also habe ich die Kopie sowie das Original in den Papierkorb geschoben und gelöscht. Nach dem Neustart fiel mir auf das sich der ungenutzte Gast Account aktiviert hatte. Und dort finde ich folgenden Accountnamen (siehe Bild1). Ein Mitarbeiter der Telekom Computerhilfe hat mir heute morgen gesagt das es aureicht den Nutzernamen wieder auf Gast zu stellen.

Ist das damit wirklich erledigt? Ich frage weil mein Webspace / Server wurde ganz offensichtlich kompromittiert. Dort wurden Seiten und Weiterleitungen angelegt, welche u.a. auf nicht jugendfreie Seiten weiterleiten.(Bild3 zeigt einen Screenshot der Googlesuche nach meiner HP)

Und Malewarebytes findet immer noch nichts. Den aktuellen Report von DetectX und Etrecheck habe ich vorsorglich mit zur Verfügung gestellt.

Vielen Dank für eure Hilfe und bleibt gesund!

EtreCheck version: 5.5.5 (5111)
Report generated: 2020-05-08 09:38:27
Download EtreCheck from https://etrecheck.com
Runtime: 3:07
Performance: Good
Sandbox: Enabled
Full drive access: Disabled

Problem: No problem - just checking

Major Issues:
  Anything that appears on this list needs immediate attention.
  Obsolete hardware - This machine may be considered obsolete.

Minor Issues:
  These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.
  Unsigned files - There are unsigned software files installed. Apple has said that unsigned software will not run by default in a future version of the operating system.
  Heavy I/O usage - Your system is under heavy I/O use. This will reduce your performance.
  32-bit Apps - This machine has 32-bits apps will not work on macOS 10.15 "Catalina".
  Limited drive access - More information may be available with Full Drive Access.

Hardware Information:
  iMac (2009) - Obsolete!
  iMac Model: iMac10,1
  3,06 GHz Intel Core 2 Duo (Duo) CPU: 2-core
  12 RAM - Upgradeable
    BANK 0/DIMM0 - 4 GB DDR3 1067 
    BANK 1/DIMM0 - 4 GB DDR3 1067 
    BANK 0/DIMM1 - 2 GB DDR3 1067 
    BANK 1/DIMM1 - 2 GB DDR3 1067 

Video Information:
  ATI Radeon HD 4670 - VRAM: 256 MB
    iMac 2560 x 1440

Drives:
  disk0 - Hitachi HDE721010SLA330 1.00 TB (Mechanical - 7200 RPM)
  Internal SATA 3 Gigabit Serial ATA
    disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
    disk0s2 [Core Storage Container] 999.35 GB
      disk1 - M****D (Journaled HFS+) 998.97 GB (41.99 GB used)
    disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB

Mounted Volumes:
  disk1 - M****D
    998.97 GB (41.99 GB used, 960.92 GB available, 956.73 GB free)
    Journaled HFS+
    Mount point: /
    Encrypted

Network:
  Interface en0: Ethernet
  Interface en1: Wi-Fi
    802.11 a/b/g/n

System Software:
  macOS High Sierra 10.13.6 (17G12034)
  Time since boot: Less than an hour

Notifications:
  Notifications not available without Full Drive Access.

Security:
  System Status
  Gatekeeper: Enabled
  System Integrity Protection: Enabled

  Antivirus software: Apple and Malwarebytes

Unsigned Files:
  Launchd: ~/Library/LaunchAgents/com.google.keystone.xpcservice.plist
    Executable: ~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode xpchost
    Details: Exact match found in the whitelist - probably OK

  Launchd: ~/Library/LaunchAgents/com.google.keystone.agent.plist
    Executable: ~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded
    Details: Exact match found in the whitelist - probably OK

32-bit Applications:
  2 32-bit apps

System Launch Agents:
  [Not Loaded]  17 Apple tasks
  [Loaded]  171 Apple tasks
  [Running]  105 Apple tasks

System Launch Daemons:
  [Not Loaded]  36 Apple tasks
  [Loaded]  185 Apple tasks
  [Running]  115 Apple tasks

Launch Agents:
  [Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2020-04-21)

Launch Daemons:
  [Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2020-05-06)
  [Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2020-04-21)

User Launch Agents:
  [Loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2020-03-18)
  [Loaded] com.google.keystone.agent.plist (? 0  - installed 2020-03-19)
  [Loaded] com.google.keystone.xpcservice.plist (? 0  - installed 2020-03-19)
  [Loaded] com.sqwarq.DetectX-Swift.observer.plist (Philip Stokes - installed 2020-03-19)

User Login Items:
  [Loaded] LPLaunchAtLoginHelperApp (App Store - installed 2020-03-26)
    Modern Login Item
    /Applications/LastPass.app/Contents/Library/LoginItems/LPLaunchAtLoginHelperApp.app

  [Not Loaded] MagentaCLOUDLaunchHelperApp (App Store - installed 2020-01-26)
    Modern Login Item
    /Applications/MagentaCLOUD.app/Contents/Library/LoginItems/MagentaCLOUDLaunchHelperApp.app

  [Not Loaded] StartUpHelper (Spotify - installed 2020-04-22)
    Modern Login Item
    /Applications/Spotify.app/Contents/Library/LoginItems/StartUpHelper.app

User Internet Plug-ins:
  User Internet Plug-ins need Full Drive Access

Audio Plug-ins:
  BluetoothAudioPlugIn: 6.0.7 (Apple - installed 2020-03-26)
  iSightAudio: 7.7.3 (Apple - installed 2020-03-26)
  AirPlay: 2.0 (Apple - installed 2020-03-26)
  AppleAVBAudio: 683.1 (Apple - installed 2020-03-26)
  BridgeAudioSP: 4.69.2 (Apple - installed 2020-03-26)
  AppleTimeSyncAudioClock: 1.0 (Apple - installed 2020-03-26)

User Audio Plug-ins:
  User Audio Plug-ins need Full Drive Access

User iTunes Plug-ins:
  User iTunes Plug-ins need Full Drive Access

Safari Extensions:
  Polyglot (App Store - installed 2020-01-26)

Time Machine:
  Time Machine information not available without Full Drive Access.

Performance:
  System Load: 1.57 (1 min ago) 2.81 (5 min ago) 4.22 (15 min ago)
  Nominal I/O speed: 51.09 MB/s
  File system: 40.57 seconds
  Write speed: 95 MB/s
  Read speed: 102 MB/s

CPU Usage Snapshot:
  Type Overall
  System: 11 %
  User: 40 %
  Idle: 49 %

Top Processes Snapshot by CPU:
  Process (count) CPU (Source - Location)
  Other processes 66.76 % (?)
  trustd 29.17 % (Apple)
  EtreCheck 5.93 % (App Store)
  CoreServicesUIAgent 0.83 % (Apple)
  LastPass 0.03 % (App Store)

Top Processes Snapshot by Memory:
  Process (count) RAM usage (Source - Location)
  EtreCheck 434 MB (App Store)
  Messages 103 MB (Apple)
  Finder 73 MB (Apple)
  CalendarAgent 58 MB (Apple)
  Spotlight 49 MB (Apple)

Top Processes Snapshot by Network Use:
  Process (count) Input / Output (Source - Location)
  Other processes 52 KB / 43 KB (?)
  universalAccessAuthWarn 0 B / 0 B (Apple)
  diagnostics_agent 0 B / 0 B (Apple)
  tccd 0 B / 0 B (Apple)
  dmd 0 B / 0 B (Apple)

Virtual Memory Information:
  Physical RAM: 12 GB

  Free RAM: 5.47 GB
  Used RAM: 3.39 GB
  Cached files: 3.13 GB

  Available RAM: 8.61 GB
  Swap Used: 0 B

Software Installs (past 30 days):
  Install Date Name (Version)
  2020-04-08 ClamXAV v3.0.15
  2020-05-01 XProtectPlistConfigData (2120)
  2020-05-01 MRTConfigData (1.59)
  2020-05-06 Malwarebytes for Mac
  2020-05-08 EtreCheck (5.5.5)

Diagnostics Information (past 7-30 days):
  Directory /Library/Logs/DiagnosticReports is not accessible.
  Enable Full Drive Access to see more information.

End of report