Molto spazio utilizzato, ventole attive dopo aver aperto solo safari

[B3rta]

Buongiorno, 

 

ho un:

MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports)

 

ho notato che ho parecchio spazio occupato, le fans si attivando dopo l'apertura di una semplice applicazione e il Mac risulta scottante, volevo chiedere un parere se questo fosse un problema  derivato da un malware, posto qui l'analisi EntreCheck.

Grazie in anticipo

 

 

EtreCheckPro version: 6.5.1 (6F003)

Report generated: 2021-08-23 17:12:25

Download EtreCheckPro from https://etrecheck.com

Runtime: 3:32

 

Performance: Good

 

Problem: Other problem

Description: 

A lot of space used and fans really loud and noise

 

Major Issues:

    Anything that appears on this list needs immediate attention. 

 

    Adware - Adware detected.

    Heavy CPU usage - Some processes are using an unusually high amount of CPU.

 

Minor Issues:

    These issues do not need immediate attention but they may indicate future problems or opportunities for improvement. 

 

    No Time Machine backup - Time Machine backup not found.

    Clean up - There are orphan files that could be removed.

    Unsigned files - There are unsigned software files installed. Apple has said that unsigned software will not run by default in a future version of the operating system.

    Runaway user process - A user process is using a large percentage of your CPU.

    x86-only Apps - This computer has x86-only apps might not work on future versions of the operating system.

    Limited drive access - More information may be available with Full Drive Access.

    Kernel extensions present - This computer has kernel extensions that may not work in the future.

 

Hardware Information:

    MacBook Pro (13-inch, 2018, Four Thunderbolt 3 ports)

    MacBook Pro Model: MacBookPro15,2

    2,3 GHz Quad-Core Intel Core i5 (i5-8259U) CPU: 4-core

    8 GB RAM - Not upgradeable

        BANK 0/ChannelA-DIMM0 - 4 GB LPDDR3 2133 

        BANK 2/ChannelB-DIMM0 - 4 GB LPDDR3 2133 

    Battery: Health = Normal - Cycle count = 670

 

Video Information:

    Intel Iris Plus Graphics 655 - VRAM: 1536 MB

        Color LCD (built-in) 2880 x 1800

 

Drives:

    disk0 - APPLE SSD AP0256M 251.00 GB (Solid State - TRIM: Yes)

    Internal PCI-Express 8.0 GT/s x4 NVM Express

        disk0s1 - EFI [EFI] 315 MB

        disk0s2 [APFS Container] 250.69 GB

            disk1 [APFS Virtual drive] 250.69 GB (Shared by 6 volumes)

                disk1s1 - M*****************i (APFS) [APFS Virtual drive] (Shared - 197.42 GB used)

                disk1s2 - Preboot (APFS) [APFS Preboot] (Shared - 394 MB used)

                disk1s3 - Recovery (APFS) [Recovery] (Shared - 626 MB used)

                disk1s4 - VM (APFS) [APFS VM] (Shared - 1.07 GB used)

                disk1s5 (APFS) [APFS Container] (Shared - 19.94 GB used)

                    disk1s5s1 - Macintosh HD (APFS) [APFS Snapshot] (Shared - 19.94 GB used)

                disk1s6 - Update (APFS) (Shared - 117 MB used)

 

Mounted Volumes:

    disk1s1 - M*****************i [APFS Virtual drive]

        250.69 GB (Shared - 197.42 GB used, 31.73 GB available, 30.98 GB free)

        APFS

        Mount point: /System/Volumes/Data

        Encrypted

 

    disk1s2 - Preboot [APFS Preboot]

        250.69 GB (Shared - 394 MB used, 30.98 GB free)

        APFS

        Mount point: /System/Volumes/Preboot

 

    disk1s4 - VM [APFS VM]

        250.69 GB (Shared - 1.07 GB used, 30.98 GB free)

        APFS

        Mount point: /System/Volumes/VM

 

    disk1s5 [APFS Container]

        250.69 GB (Shared - 19.94 GB used, 30.98 GB free)

        APFS

        Mount point: /System/Volumes/Update/mnt1

        Encrypted

        Partitions:

        disk1s5s1 

 

    disk1s5s1 - Macintosh HD [APFS Snapshot]

        250.69 GB (Shared - 19.94 GB used, 31.73 GB available, 30.98 GB free)

        APFS

        Mount point: /

        Read-only: Yes

 

    disk1s6 - Update

        250.69 GB (Shared - 117 MB used, 30.98 GB free)

        APFS

        Mount point: /System/Volumes/Update

 

Network:

    Interface en0: Wi-Fi

        802.11 a/b/g/n/ac

    Interface en6: Bluetooth PAN

    Interface bridge0: Thunderbolt Bridge

    iCloud Quota: 9.78 GB available

 

System Software:

    macOS Big Sur 11.5 (20G71) 

    Time since boot: About 7 days

 

Security:

    Gatekeeper: App Store and identified developers

    System Integrity Protection: Enabled

    Antivirus software: Apple

 

Adware:

    Launchd: ~/Library/LaunchAgents/.plist

        Reason: Adware name match

        Executable: /Applications/OneDrive.app/Contents/MacOS/OneDrive

 

Unsigned Files:

    Launchd: /Library/LaunchDaemons/com.microsoft.OneDriveUpdaterDaemon.plist

        Executable: /Applications/OneDrive.app/Contents/OneDriveUpdaterDaemon.xpc/Contents/MacOS/OneDriveUpdaterDaemon

        Details: Exact match found in the legitimate list - probably OK

 

    Launchd: /Library/LaunchDaemons/com.microsoft.OneDriveStandaloneUpdaterDaemon.plist

        Executable: /Applications/OneDrive.app/Contents/StandaloneUpdaterDaemon.xpc/Contents/MacOS/StandaloneUpdaterDaemon

        Details: Exact match found in the legitimate list - probably OK

 

    Launchd: /Library/LaunchAgents/com.brother.LOGINserver.plist

        Executable: /Library/Printers/Brother/Utilities/Server/LOGINserver.app/Contents/MacOS/LOGINserver

        Details: Exact match found in the legitimate list - probably OK

 

    Running app: /Library/Printers/Brother/Utilities/Server/NETserver.app/Contents/MacOS/NETserver

    Running app: /Library/Printers/Brother/Utilities/Server/USBserver.app/Contents/MacOS/USBserver

 

    Apps: 4

 

Old Applications:

    110 x86-only apps

 

Kernel Extensions:

    /Library/Extensions

        [Not Loaded] hp_fax_io.kext - com.hp.kext.hp-fax-io (HP Inc., 5.28.5 - SDK 10.13)

        [Not Loaded] hp_io_enabler_compound.kext - com.hp.kext.io.enabler.compound (HP Inc., 3.4.0)

        [Not Loaded] hp_Inkjet1_io_enabler.kext - com.hp.print.hpio.Inkjet1.kext (HP Inc., 3.6.1 - SDK 10.12)

 

System Launch Daemons:

    [Not Loaded] 36 Apple tasks

    [Loaded] 170 Apple tasks

    [Running] 157 Apple tasks

    [Other] One Apple task

 

System Launch Agents:

    [Not Loaded] 16 Apple tasks

    [Loaded] 159 Apple tasks

    [Running] 159 Apple tasks

 

Launch Daemons:

    [Loaded] com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2021-01-09)

    [Loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2021-01-09)

    [Loaded] com.adobe.acc.installer.v2.plist (Adobe Systems, Inc. - installed 2019-04-07)

    [Loaded] com.adobe.agsservice.plist (Adobe Inc. - installed 2021-08-16)

    [Loaded] com.apple.installer.osmessagetracing.plist (? dbb717cc - installed 2019-09-19)

    [Loaded] com.microsoft.OneDriveStandaloneUpdaterDaemon.plist (? f39826f0 - installed 2020-10-30)

    [Loaded] com.microsoft.OneDriveUpdaterDaemon.plist (? a510a00 - installed 2020-10-30)

    [Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2021-08-10)

    [Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2020-10-12)

    [Loaded] com.microsoft.teams.TeamsUpdaterDaemon.plist (Microsoft Corporation - installed 2021-02-20)

 

Launch Agents:

    [Other] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Systems, Inc. - installed 2021-02-09)

    [Running] com.adobe.GC.AGM.plist (Adobe Inc. - installed 2021-08-16)

    [Not Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Inc. - installed 2021-08-16)

    [Running] com.brother.LOGINserver.plist (? a1772de2 - installed 2019-03-13)

    [Other] com.microsoft.OneDriveStandaloneUpdater.plist (? b97e8726 - installed 2020-10-30)

    [Loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2021-08-10)

 

User Launch Agents:

    [Not Loaded] .plist (Adware - installed 2020-10-30)

    [Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Inc. - installed 2021-08-16)

 

User Login Items:

    [Loaded] StartUpHelper (Spotify - installed 2021-04-14)

        Modern Login Item

        /Applications/Spotify.app/Contents/Library/LoginItems/StartUpHelper.app

 

    [Not Loaded] HP Device Monitor (HP Inc. - installed 2019-04-20)

        Modern Login Item

        /Library/Printers/hp/Frameworks/HPDeviceMonitoring.framework/Versions/1.0/Helpers/HP Device Monitor Manager.app/Contents/Library/LoginItems/HP Device Monitor.app

 

    [Not Loaded] HP Product Research (HP Inc. - installed 2019-04-20)

        Modern Login Item

        /Library/Printers/hp/Utilities/HPPU Plugins/ProductImprovementStudy.hptask/Contents/Helpers/HP Product Research Manager.app/Contents/Library/LoginItems/HP Product Research.app

 

Internet Plug-ins:

    AdobePDFViewerNPAPI: 17.012.20098 (Adobe Systems, Inc. - installed 2021-07-16)

    AdobeAAMDetect: 3.0.0.0 (Adobe Systems, Inc. - installed 2019-04-07)

    AdobePDFViewer: 21.005.20058 (Adobe Systems, Inc. - installed 2021-07-16)

 

Backup:

    Time Machine Not Configured!

 

Performance:

    System Load: 5.45 (1 min ago) 4.99 (5 min ago) 4.83 (15 min ago)

    Nominal I/O speed: 2.75 MB/s

    File system: 25.41 seconds

    Write speed: 1015 MB/s

    Read speed: 2279 MB/s

 

CPU Usage Snapshot:

    Type Overall

    System: 45 %

    User: 7 %

    Idle: 48 %

 

Top Processes Snapshot by CPU:

    Process (count) CPU (Source - Location)

    mds_stores 99.32 % (Apple)

    QuickLookUIService (5) 97.86 % (Apple)

    umount 97.42 % (Apple)

    logd 38.00 % (Apple)

    MailStorageManagement 20.14 % (Apple)

 

Top Processes Snapshot by Memory:

    Process (count) RAM usage (Source - Location)

    com.apple.WebKit.WebContent (9) 530 MB (Apple)

    EtreCheckPro 428 MB (Etresoft, Inc.)

    kernel_task 288 MB (Apple)

    MTLCompilerService (22) 217 MB (Apple)

    Safari 212 MB (Apple)

 

Top Processes Snapshot by Network Use:

    Process Input / Output (Source - Location)

    mDNSResponder 3 MB / 2 MB (Apple)

    Spotify 324 KB / 43 KB (Spotify)

    remoted 114 KB / 154 KB (Apple)

    apsd 22 KB / 142 KB (Apple)

    Mail 82 KB / 14 KB (Apple)

 

Top Processes Snapshot by Energy Use:

    Process (count) Energy (0-100) (Source - Location)

    mds_stores 49 (Apple)

    QuickLookUIService (5) 43 (Apple)

    umount 43 (Apple)

    logd 15 (Apple)

    MailStorageManagement 14 (Apple)

 

Virtual Memory Information:

    Physical RAM: 8 GB

 

    Free RAM: 113 MB

    Used RAM: 5.41 GB

    Cached files: 2.48 GB

 

    Available RAM: 2.59 GB

    Swap Used: 259 MB

 

Software Installs (past 60 days):

    Install Date Name (Version)

    2021-06-29 XProtectPlistConfigData (2149)

    2021-06-29 MRTConfigData (1.81)

    2021-07-16 Adobe Acrobat Reader DC (21.005.20058) (21.005.20058)

    2021-07-25 macOS 11.5 (11.5)

    2021-08-10 Microsoft AutoUpdate (4.38.21080801)

    2021-08-10 Microsoft Excel (16.52.21080801)

    2021-08-10 Microsoft OneNote (16.52.21080801)

    2021-08-10 Microsoft Outlook (16.52.21080801)

    2021-08-10 Microsoft PowerPoint (16.52.21080801)

    2021-08-10 Microsoft Word (16.52.21080801)

 

Clean up:

    /Library/LaunchAgents/com.microsoft.OneDriveStandaloneUpdater.plist

        /Applications/OneDrive.app/Contents/StandaloneUpdater.app/Contents/MacOS/OneDriveStandaloneUpdater

        Executable not found

 

Diagnostics Information (past 7-30 days):

    2021-08-17 10:58:04 mdsync - High CPU Use (3 times)

        Executable: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mdsync

 

End of report

[loudycloud]

Prova a stare senza OneDrive, vedi se migliora. Se non ti serve assolutamente, rimuovi OneDrive, che si vive meglio.

 

Nel report è indicato un malware:

4 ore fa, B3rta dice:

Adware:

    Launchd: ~/Library/LaunchAgents/.plist

        Reason: Adware name match

Puoi rimuovere il file, disattivare OneDrive, e riavviare.

 

Per trovare il file copi il percorso (compresa la "~" iniziale) in Finder Menu' Vai > Vai alla cartella... e poi rendi visibili gli invisibili coi tre tasti maiusc cmd punto

 

 

 

 

4 ore fa, B3rta dice:

  2021-08-17 10:58:04 mdsync - High CPU Use (3 times)

        Executable: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mdsync

questo vuol dire che Spotlight fa fatica ad indicizzare. Hai dischi esterni collegati? Hai la scrivania/documenti su iCloud? (Attento che iCloud Drive e MS OneDrive si pestano i piedi)

 

Modificato 23 Agosto 2021 da loudycloud

[B3rta]

Grazie mille della tua risposta loudycloud, 

 

ho eliminato il file ~/Library/LaunchAgents/.plist 

non riesco a trovare però onedrive mi ricordo di averlo già cancellato in passato, forse lo ho disinstallato male? 

Al momento non ho dischi esterni collegati o la scrivania iCloud 

 

[nemesis.ilovemac]

14 ore fa, B3rta dice:

 

non riesco a trovare però onedrive mi ricordo di averlo già cancellato in passato, forse lo ho disinstallato male? 

 

si, lo hai disinstallato in modo non corretto, sono presenti il demone e gli agents… per essere sicuro vedi se esiste un disinstaller ufficiale e nel caso reinstallalo e rimuovilo con l’apposito disinstaller e non semplicemente gettandolo nel cestino 

[B3rta]

Perfetto

1 ora fa, nemesis.ilovemac dice:

si, lo hai disinstallato in modo non corretto, sono presenti il demone e gli agents… per essere sicuro vedi se esiste un disinstaller ufficiale e nel caso reinstallalo e rimuovilo con l’apposito disinstaller e non semplicemente gettandolo nel cestino 

 

16 ore fa, loudycloud dice:

Prova a stare senza OneDrive, vedi se migliora. Se non ti serve assolutamente, rimuovi OneDrive, che si vive meglio.

 

Nel report è indicato un malware:

Puoi rimuovere il file, disattivare OneDrive, e riavviare.

 

Per trovare il file copi il percorso (compresa la "~" iniziale) in Finder Menu' Vai > Vai alla cartella... e poi rendi visibili gli invisibili coi tre tasti maiusc cmd punto

 

 

 

 

questo vuol dire che Spotlight fa fatica ad indicizzare. Hai dischi esterni collegati? Hai la scrivania/documenti su iCloud? (Attento che iCloud Drive e MS OneDrive si pestano i piedi)

 

 

Perfetto vi ringrazio dell’aiuto ! 
già avendo rimosso il malware le fans non girano più all’impazzata, mi dura di più batteria e non si scalda ! 
 

Grazie ancora ! Ora provo a re installare e did installare nuovamente one drive !

[loudycloud]

Bene!

 

Ora posso farti una domandaccia?  Perchè hai installato "Adobe Acrobat Reader DC"? (Sì, ce l'ho con lui!) Cosa può fare lui che Apple Anteprima non possa fare meglio?

[B3rta]

1 minuto fa, loudycloud dice:

Bene!

 

Ora posso farti una domandaccia?  Perchè hai installato "Adobe Acrobat Reader DC"? (Sì, ce l'ho con lui!) Cosa può fare lui che Apple Anteprima non possa fare meglio?

Mi serve per stampare un lavoro più grande di un a3 nelle stampanti max a3 (funzione poster)