PDA

View Full Version : Hacked and Paranoid




harp69
Mar 25, 2013, 05:34 PM
I am new to Mac due to a violent and ongoing Hack on my Windows machines. I know that Mac's are secure but I'm paranoid. Would someone be so kind as to review the following excerpts from my log and tell me if there is anything suspicious. Thank you

3/25/13 2:40:33.447 PM sandboxd[316]: ([315]) mdworker(315) deny mach-lookup com.apple.ls.boxd
3/25/13 2:40:33.000 PM kernel[0]: Sandbox: sandboxd(316) deny mach-lookup com.apple.coresymbolicationd
3/25/13 2:42:33.408 PM mdworker[318]: Unable to talk to lsboxd
3/25/13 2:42:33.448 PM sandboxd[319]: ([318]) mdworker(318) deny mach-lookup com.apple.ls.boxd
3/25/13 2:42:33.000 PM kernel[0]: Sandbox: sandboxd(319) deny mach-lookup com.apple.coresymbolicationd
3/25/13 2:46:34.125 PM mdworker[321]: Unable to talk to lsboxd
3/25/13 2:46:34.165 PM sandboxd[322]: ([321]) mdworker(321) deny mach-lookup com.apple.ls.boxd
3/25/13 2:46:34.000 PM kernel[0]: Sandbox: sandboxd(322) deny mach-lookup com.apple.coresymbolicationd
3/25/13 2:50:34.121 PM mdworker[325]: Unable to talk to lsboxd
3/25/13 2:50:34.160 PM sandboxd[326]: ([325]) mdworker(325) deny mach-lookup com.apple.ls.boxd
3/25/13 2:50:34.000 PM kernel[0]: Sandbox: sandboxd(326) deny mach-lookup com.apple.coresymbolicationd
3/25/13 2:52:07.000 PM kernel[0]: MacAuthEvent en1 Auth result for: 2c:26:c5:d5:75:89 MAC AUTH succeeded
3/25/13 2:52:07.000 PM kernel[0]: wlEvent: en1 en1 Link UP virtIf = 0
3/25/13 2:52:07.000 PM kernel[0]: AirPort: Link Up on en1
3/25/13 2:52:07.000 PM kernel[0]: en1: BSSID changed to 2c:26:c5:d5:75:89
3/25/13 2:52:07.000 PM kernel[0]: en1::IO80211Interface::postMessage bssid changed
3/25/13 2:52:07.000 PM kernel[0]: AirPort: RSN handshake complete on en1
3/25/13 2:52:08.486 PM airportd[337]: _doAutoJoin: Already associated to “Verizon-890L-7589”. Bailing on auto-join.
3/25/13 2:52:09.101 PM configd[18]: network changed: v4(en1+:192.168.1.2) DNS+ Proxy+ SMB
3/25/13 2:52:09.227 PM UserEventAgent[11]: Captive: en1: Not probing 'Verizon-890L-7589' (protected network)
3/25/13 2:52:09.230 PM configd[18]: network changed: v4(en1!:192.168.1.2) DNS Proxy SMB
3/25/13 2:52:10.346 PM com.apple.SecurityServer[15]: Session 100010 created
3/25/13 2:52:10.395 PM com.apple.launchd.peruser.501[137]: (com.apple.NetworkDiagnostics[341]) Check-in of Mach service failed. Already active: com.apple.NetworkDiagnostic.agent
3/25/13 2:52:10.475 PM WebProcess[332]: objc[332]: Object 0x7fd789c1c5a0 of class NSUserDefaults autoreleased with no pool in place - just leaking - break on objc_autoreleaseNoPool() to debug
3/25/13 2:52:19.000 PM kernel[0]: wlEvent: en1 en1 Link DOWN virtIf = 0
3/25/13 2:52:19.000 PM kernel[0]: AirPort: Link Down on en1. Reason 8 (Disassociated because station leaving).
3/25/13 2:52:19.000 PM kernel[0]: en1::IO80211Interface::postMessage bssid changed
3/25/13 2:52:19.000 PM kernel[0]: MacAuthEvent en1 Auth result for: 2c:26:c5:d5:75:89 MAC AUTH succeeded
3/25/13 2:52:19.000 PM kernel[0]: wlEvent: en1 en1 Link UP virtIf = 0
3/25/13 2:52:19.000 PM kernel[0]: AirPort: Link Up on en1
3/25/13 2:52:19.000 PM kernel[0]: en1: BSSID changed to 2c:26:c5:d5:75:89
3/25/13 2:52:19.000 PM kernel[0]: en1::IO80211Interface::postMessage bssid changed
3/25/13 2:52:19.000 PM kernel[0]: AirPort: RSN handshake complete on en1
3/25/13 2:52:20.471 PM airportd[337]: _doAutoJoin: Already associated to “Verizon-890L-7589”. Bailing on auto-join.
3/25/13 2:52:32.000 PM kernel[0]: MacAuthEvent en1 Auth result for: 2c:26:c5:d5:75:89 MAC AUTH succeeded
3/25/13 2:52:32.000 PM kernel[0]: wlEvent: en1 en1 Link UP virtIf = 0
3/25/13 2:52:32.000 PM kernel[0]: wl0: Roamed or switched channel, reason #8, bssid 2c:26:c5:d5:75:89
3/25/13 2:52:32.000 PM kernel[0]: en1: BSSID changed to 2c:26:c5:d5:75:89
3/25/13 2:52:32.000 PM kernel[0]: en1::IO80211Interface::postMessage bssid changed
3/25/13 2:52:34.000 PM kernel[0]: wlEvent: en1 en1 Link DOWN virtIf = 0
3/25/13 2:52:34.000 PM kernel[0]: AirPort: Link Down on en1. Reason 2 (Previous authentication no longer valid).
3/25/13 2:52:34.000 PM kernel[0]: en1::IO80211Interface::postMessage bssid changed
3/25/13 2:52:34.754 PM configd[18]: network changed: v4(en1-:192.168.1.2) DNS- Proxy- SMB
3/25/13 2:52:34.766 PM Mail[166]: Error while parsing IMAP response * FETCH (): Read failure
Remaining text: <>
3/25/13 2:52:34.939 PM mdworker[348]: Unable to talk to lsboxd
3/25/13 2:52:35.000 PM kernel[0]: Sandbox: sandboxd(350) deny mach-lookup com.apple.coresymbolicationd
3/25/13 2:52:35.256 PM sandboxd[350]: ([348]) mdworker(348) deny mach-lookup com.apple.ls.boxd
3/25/13 2:53:54.048 PM SystemUIServer[175]: *** WARNING: -[NSImage compositeToPoint:operation:fraction:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
3/25/13 2:53:54.048 PM SystemUIServer[175]: *** WARNING: -[NSImage compositeToPoint:fromRect:operation:fraction:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
3/25/13 2:53:54.104 PM SystemUIServer[175]: *** WARNING: -[NSImage compositeToPoint:operation:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
3/25/13 2:53:54.104 PM SystemUIServer[175]: *** WARNING: -[NSImage compositeToPoint:fromRect:operation:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
3/25/13 2:54:04.675 PM System Preferences[354]: Could not find image named 'InvalidDataIcon'.
3/25/13 2:54:04.749 PM System Preferences[354]: *** WARNING: -[NSImage compositeToPoint:operation:fraction:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
3/25/13 2:54:04.749 PM System Preferences[354]: *** WARNING: -[NSImage compositeToPoint:fromRect:operation:fraction:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
3/25/13 2:54:34.797 PM mdworker[361]: Unable to talk to lsboxd
3/25/13 2:54:34.836 PM sandboxd[362]: ([361]) mdworker(361) deny mach-lookup com.apple.ls.boxd
3/25/13 2:54:35.000 PM kernel[0]: Sandbox: sandboxd(362) deny mach-lookup com.apple.coresymbolicationd
3/25/13 2:58:35.471 PM mdworker[365]: Unable to talk to lsboxd
3/25/13 2:58:35.510 PM sandboxd[366]: ([365]) mdworker(365) deny mach-lookup com.apple.ls.boxd
3/25/13 2:58:35.000 PM kernel[0]: Sandbox: sandboxd(366) deny mach-lookup com.apple.coresymbolicationd
3/25/13 2:59:27.000 PM kernel[0]: MacAuthEvent en1 Auth result for: 2c:26:c5:d5:75:89 MAC AUTH succeeded
3/25/13 2:59:27.000 PM kernel[0]: wlEvent: en1 en1 Link UP virtIf = 0
3/25/13 2:59:27.000 PM kernel[0]: AirPort: Link Up on en1
3/25/13 2:59:27.000 PM kernel[0]: en1: BSSID changed to 2c:26:c5:d5:75:89
3/25/13 2:59:27.000 PM kernel[0]: en1::IO80211Interface::postMessage bssid changed
3/25/13 2:59:27.000 PM kernel[0]: AirPort: RSN handshake complete on en1
3/25/13 2:59:27.088 PM configd[18]: network changed: v4(en1+:192.168.1.2) DNS+ Proxy+ SMB
3/25/13 2:59:27.095 PM UserEventAgent[11]: Captive: en1: Not probing 'Verizon-890L-7589' (protected network)
3/25/13 2:59:27.100 PM configd[18]: network changed: v4(en1!:192.168.1.2) DNS Proxy SMB
3/25/13 2:59:27.662 PM airportd[371]: _doAutoJoin: Already associated to “Verizon-890L-7589”. Bailing on auto-join.
3/25/13 2:59:58.233 PM SubmitDiagInfo[379]: Launched to submit Diagnostics and Usage
3/25/13 3:00:07.553 PM SubmitDiagInfo[379]: SubmitDiagInfo successfully uploaded 48 diagnostic messages.
3/25/13 3:02:35.475 PM mdworker[387]: Unable to talk to lsboxd
3/25/13 3:02:35.515 PM sandboxd[388]: ([387]) mdworker(387) deny mach-lookup com.apple.ls.boxd



b0fh666
Mar 26, 2013, 08:39 AM
looks normal. those lookup errors for 'boxd' can be fixed by booting into safe mode (hold shift at boot) then rebooting again. Don't ask why, it just works ;)