Desktop Files Removed - Virus?
Hey guys,
I have a MacBook Air and recently I am having some serious troubles.
When I open my Google Chrome, after around 2 minutes my computer runs a task named Google Chrome Helper.
If I kill it my Google still runs perfectly!!
But if I don't, the task starts removing files from my computer.
How can I fix this?
I made an EtreCheck:
EtreCheck version: 4.3.6 (4D041)
Report generated: 2018-09-01 11:41:00
Download EtreCheck from https://etrecheck.com
Runtime: 2:36
Performance: Excellent
Problem: Other problem
Description:
High CPU Google Chrome Helper Files missing
Major Issues:
Anything that appears on this list needs immediate attention.
Low disk space- This machine is running critically low on free hard drive space.
Minor Issues:
These issues do not need immediate attention but they may indicate future problems.
Apps crashing- There have been numerous app crashes.
Clean up- There are orphan files that could be removed.
Unsigned files- There are unsigned software file installed. They appear to be legitimate but should be reviewed.
System modifications- There are a large number of system modifications running in the background.
Hardware Information:
MacBook Air (13-inch, 2013 - 2014) / MacBook Air (13-inch, Mid 2013)
MacBook Air Model: MacBookAir6,2
1 1,7 GHz Intel Core i7 (i7-4650U) CPU: 2-core
8 GB RAM - Not upgradeable
BANK 0/DIMM0 - 4 GB DDR3 1600 ok
BANK 1/DIMM0 - 4 GB DDR3 1600 ok
Battery: Health = Normal - Cycle count = 586
Video Information:
Intel HD Graphics 5000 - VRAM: 1536 MB
Color LCD 1440 x 900
Drives:
disk0 - APPLE SSD SM0256F 251.00 GB (Solid State - TRIM: Yes)
Internal PCI 5.0 GT/s x2 Serial ATA
disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk0s2 [Core Storage Container] 250.14 GB
disk1 - S**************h (Journaled HFS+) 249.77 GB
disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB
Mounted Volumes:
disk1 - S**************h 249.77 GB (7.59 GB free)
Journaled HFS+
Mount point: /
Network:
Interface Bluetooth-Modem: Bluetooth DUN
Interface en0: Wi-Fi
802.11 a/b/g/n/ac
One IPv4 address
Interface en2: Bluetooth PAN
Interface bridge0: Thunderbolt Bridge
Interface en3: Thunderbolt Ethernet
Interface en4: iPhone
iCloud Quota: 71.10 GB available
iCloud Status: 4 pending files
System Software:
macOS Sierra 10.12.6 (16G29)
Time since boot: Less than an hour
System Load: 1.78 (1 min ago) 2.62 (5 min ago) 3.05 (15 min ago)
Security:
| System | Status |
|---|---|
| Gatekeeper | Mac App Store and identified developers |
| System Integrity Protection | Enabled |
Unsigned Files:
Launchd: /Library/LaunchDaemons/org.macports.akonadi.plist
Executable: /opt/local/bin/akonadiserver-script.sh
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/org.freedesktop.avahi-daemon.plist
Executable: /opt/local/sbin/avahi-daemon
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/org.macports.gpg-agent.plist
Executable: /opt/local/bin/gpg-agent --write-env-file --no-use-standard-socket --launchd
Details: Exact match found in the whitelist - probably OK
Launchd: ~/Library/LaunchAgents/com.redgiantsoftware.updater.plist
Executable: -a '/Applications/Red Giant Link.app' --args --silent
Details: Exact match found in the whitelist - probably OK
Launchd: ~/Library/LaunchAgents/com.valvesoftware.steamclean.plist
Executable: ~/Library/Application Support/Steam/SteamApps/steamclean Public
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/PACESupport.plist
Executable: /System/Library/Extensions/PACESupportFamily.kext/Contents/Resources/paceload
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.paragon-software.facebook.agent.plist
Executable: /Library/Application Support/Paragon Software/Paragon Software Facebook Agent.app/Contents/MacOS/Paragon Software Facebook Agent
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.adobe.fpsaud.plist
Executable: /Library/Application Support/Adobe/Flash Player Install Manager/fpsaud
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/org.macports.mariadb-server.plist
Executable: /opt/local/lib/mariadb/bin/mysqld
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/org.macports.rsyncd.plist
Executable: /opt/local/bin/daemondo --label=rsyncd --start-cmd /opt/local/etc/LaunchDaemons/org.macports.rsyncd/rsyncd.wrapper start ; --stop-cmd /opt/local/etc/LaunchDaemons/org.macports.rsyncd/rsyncd.wrapper stop ; --restart-cmd /opt/local/etc/LaunchDaemons/org.macports.rsyncd/rsyncd.wrapper restart ; --pid=fileauto --pidfile /opt/local/var/run/rsyncd.pid
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/org.freedesktop.dbus-session.plist
Executable: /opt/local/bin/dbus-daemon --nofork --session
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/org.freedesktop.avahi-dnsconfd.plist
Executable: /opt/local/sbin/avahi-dnsconfd
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.paragon-software.ExtFS.fsnotify.daemon.plist
Executable: /Library/PreferencePanes/ParagonExtFS.prefPane/Contents/Resources/com.paragon-software.ExtFS.fsnotify.daemon
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/org.macports.kdecache.plist
Executable: /opt/local/bin/kbuildsycoca4
Details: Exact match found in the whitelist - probably OK
Launchd: ~/Library/LaunchAgents/com.macpaw.CleanMyMac3.Scheduler.plist
Executable: '/Users/***/Library/Application Support/CleanMyMac 3/CleanMyMac 3 Scheduler.app' -F -g -n '/Users/***/Library/Application Support/CleanMyMac 3/CleanMyMac 3 Scheduler.app' --args -scheduled
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.oracle.java.Java-Updater.plist
Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/org.freedesktop.dbus-system.plist
Executable: /opt/local/bin/dbus-daemon --system --nofork
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist
Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.paragon-software.ExtFS.fsnotify.agent.plist
Executable: /Library/PreferencePanes/ParagonExtFS.prefPane/Contents/Resources/com.paragon-software.ExtFS.fsnotify.agent.app/Contents/MacOS/com.paragon-software.ExtFS.fsnotify.agent
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.razer.rzupdater.plist
Executable: /Library/Application Support/Razer/RzUpdater.app/Contents/MacOS/RzUpdater
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/org.macports.slapd.plist
Executable: /opt/local/bin/daemondo --label=slapd --start-cmd /opt/local/etc/LaunchDaemons/org.macports.slapd/slapd.wrapper start ; --stop-cmd /opt/local/etc/LaunchDaemons/org.macports.slapd/slapd.wrapper stop ; --restart-cmd /opt/local/etc/LaunchDaemons/org.macports.slapd/slapd.wrapper restart ; --pid=none
Details: Exact match found in the whitelist - probably OK
Kernel Extensions:
/Library/Extensions
[Loaded] Apowersoft_AudioDevice.kext (Apowersoft Limited, 1.6.7 - SDK 10.11)
[Not Loaded] NIUSBAudio2DJ.kext (Native Instruments GmbH, 2.6.0 (R82) - SDK 10.8)
[Not Loaded] NIUSBAudioDriver.kext (Native Instruments GmbH, 2.6.0 (R82) - SDK 10.8)
[Not Loaded] NIUSBTraktorKontrolS4.kext (Native Instruments GmbH, 2.8.0 (R36) - SDK 10.9)
[Loaded] com.malwarebytes.mbam.rtprotection.kext (Malwarebytes Corporation, 3.1 - SDK 10.12)
[Loaded] ufsd_ExtFS.kext (Paragon Software GmbH, 10.0.829 - SDK 10.10)
[Not Loaded] RazerHid.kext (Razer USA Ltd., 17.36 - SDK 10.9)
/System/Library/Extensions
[Not Loaded] Soundflower.kext (1.6.6 - SDK 10.6)
[Loaded] SBVirtualMic64.kext (Screaming Bee Inc, 1.1.0 - SDK 10.9)
[Not Loaded] PACESupportFamily.kext (5.9 - SDK 10.6)
/System/Library/Extensions/PACESupportFamily.kext/Contents/PlugIns
[Not Loaded] PACESupportLeopard.kext (5.9 - SDK 10.4)
[Not Loaded] PACESupportPanther.kext (5.9 - SDK 10.-1)
[Loaded] PACESupportSnowLeopard.kext (5.9 - SDK 10.6)
[Not Loaded] PACESupportTiger.kext (5.9 - SDK 10.4)
System Launch Agents:
| [Not Loaded] | 6 Apple tasks |
| [Loaded] | 173 Apple tasks |
| [Running] | 107 Apple tasks |
System Launch Daemons:
| [Not Loaded] | 40 Apple tasks |
| [Loaded] | 170 Apple tasks |
| [Running] | 110 Apple tasks |
| [Other] | 2 Apple tasks |
Launch Agents:
| [Running] | com.adobe.AdobeCreativeCloud.plist (Adobe Systems, Inc. - installed 2017-09-26) |
| [Running] | com.staticz.soundsiphon.playeragent.plist (Dominic Feira - installed 2017-02-28) |
| [Running] | com.staticz.soundsiphon.inputagent.plist (Dominic Feira - installed 2017-02-28) |
| [Running] | com.razerzone.rzdeviceengine.plist (? 516e794c - installed 2016-11-18) |
| [Running] | org.macports.gpg-agent.plist (? d7ff35ab - installed 2017-04-03) |
| [Not Loaded] | com.adobe.AAM.Updater-1.0.plist (? ffb65062 - installed 2017-08-02) |
| [Loaded] | org.macosforge.xquartz.startx.plist (? d225a7da - installed 2015-10-16) |
| [Loaded] | com.paragon.updater.plist (Paragon Software GmbH - installed 2016-08-12) |
| [Running] | com.paragon-software.ExtFS.fsnotify.agent.plist (? 3de80f1e - installed 2016-08-12) |
| [Loaded] | com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2018-06-02) |
| [Loaded] | org.freedesktop.dbus-session.plist (? 132c7c19 - installed 2016-10-16) |
| [Running] | com.razer.rzupdater.plist (? 2bbe2bd1 - installed 2016-11-18) |
| [Loaded] | com.oracle.java.Java-Updater.plist (? ffae8b73 - installed 2016-09-23) |
| [Running] | com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2017-10-24) |
| [Loaded] | com.paragon-software.facebook.agent.plist (? 95fb0bd4 - installed 2016-08-12) |
| [Not Loaded] | org.macports.kdecache.plist (? 33f2f432 - installed 2017-01-15) |
Launch Daemons:
| [Running] | com.paragon-software.ExtFS.fsnotify.daemon.plist (? 25b4b395 - installed 2016-08-12) |
| [Not Loaded] | org.macports.rsyncd.plist (? 99f2454f - installed 2017-02-26) |
| [Other] | org.macports.mariadb-server.plist (? 196c6a73 - installed 2016-10-09) |
| [Running] | com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2017-10-24) |
| [Loaded] | com.native-instruments.NativeAccess.Helper2.plist (Native Instruments GmbH - installed 2017-07-16) |
| [Loaded] | com.paragon.ExtFS.launch.plist (Apple - installed 2017-07-15) |
| [Not Loaded] | org.freedesktop.dbus-system.plist (? e1cd8f49 - installed 2016-10-16) |
| [Not Loaded] | org.macports.slapd.plist (? db52dd51 - installed 2017-02-26) |
| [Running] | com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2017-10-24) |
| [Not Loaded] | org.macports.akonadi.plist (? 10aafeca - installed 2017-01-14) |
| [Loaded] | com.adobe.acc.installer.plist (Adobe Systems, Inc. - installed 2017-09-26) |
| [Loaded] | com.adobe.fpsaud.plist (? 2afb3af7 - installed 2016-04-16) |
| [Loaded] | com.oracle.java.Helper-Tool.plist (? e3fefdd2 - installed 2016-09-23) |
| [Loaded] | com.BlueStacks.AppPlayer.bstservice_helper.plist (BlueStack Systems, Inc. - installed 2017-05-11) |
| [Not Loaded] | org.freedesktop.avahi-dnsconfd.plist (? 26ad36c9 - installed 2017-02-10) |
| [Loaded] | org.macosforge.xquartz.privileged_startx.plist (? 65395f14 - installed 2015-10-16) |
| [Running] | com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2018-06-02) |
| [Loaded] | com.macpaw.CleanMyMac3.Agent.plist (MacPaw Inc. - installed 2017-10-01) |
| [Running] | com.staticz.soundsiphon.bridgedaemon.plist (Dominic Feira - installed 2017-02-28) |
| [Loaded] | com.cyberghostsrl.CyberghostPrivilegedHelper.plist (Cyberghost SRL - installed 2016-05-09) |
| [Running] | com.adobe.agmservice.plist (Adobe Systems, Inc. - installed 2018-06-02) |
| [Not Loaded] | com.gopro.stereomodestatus.plist (? ab93fe2f - installed 2014-01-21) |
| [Loaded] | PACESupport.plist (? ab6b5614 - installed 2012-07-11) |
| [Not Loaded] | org.freedesktop.avahi-daemon.plist (? a70df244 - installed 2017-02-10) |
User Launch Agents:
| [Running] | com.spotify.webhelper.plist (Spotify - installed 2018-08-31) |
| [Loaded] | com.google.keystone.agent.plist (Google, Inc. - installed 2018-07-18) |
| [Loaded] | com.valvesoftware.steamclean.plist (? 0 - installed 2018-07-23) |
| [Loaded] | com.redgiantsoftware.updater.plist (? 0 - installed 2016-06-11) |
| [Loaded] | com.macpaw.CleanMyMac3.Scheduler.plist (? 0 - installed 2017-10-01) |
| [Loaded] | com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2018-06-02) |
User Login Items:
iTunesHelper Programm (Apple - installed 2018-07-10)
(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
NIHardwareAgent Programm (Native Instruments GmbH - installed 2017-08-26)
(/Library/Application Support/Native Instruments/Hardware/NIHardwareAgent.app)
CleanMyMac 3 Menu Programm (MacPaw Inc. - installed 2017-09-25)
(/Applications/CleanMyMac 3.app/Contents/MacOS/CleanMyMac 3 Menu.app)
NIHostIntegrationAgent Programm (Native Instruments GmbH - installed 2017-08-26)
(/Library/Application Support/Native Instruments/Hardware/NIHostIntegrationAgent.app)
Internet Plug-ins:
FlashPlayer-10.6: (installed 2016-04-23)
Flash Player: (installed 2016-04-23)
QuickTime Plugin: (installed 2017-12-01)
JavaAppletPlugin: (installed 2016-12-04)
AdobeAAMDetect: (installed 2017-09-26)
3rd Party Preference Panes:
Flash Player (installed 2016-04-16)
FUSE for OS X (OSXFUSE) (installed 2016-01-18)
GoPro (installed 2014-01-29)
Java (installed 2016-12-04)
Native Instruments USB Audio (installed 2015-09-18)
Paragon ExtFS for Mac® (installed 2016-09-04)
Time Machine:
Skip System Files:
Mobile backups:
Auto backup: Yes
Volumes being backed up:
S**************h: Disk size: 249.77 GB - Disk used: 242.18 GB
Destinations:
T*********T [Local] (Last used)
Total size: 738.06 GB
Total number of backups: 20
Oldest backup: 2016-03-05 12:24:43
Last backup: 2018-08-30 10:41:11
Top Processes by CPU:
| Process (count) | Source | % of CPU | Location |
|---|---|---|---|
| Google Chrome Helper (15) | Google, Inc. | 62 | |
| WindowServer | Apple | 16 | |
| mysqld | ? | 10 | /opt/local/lib/mariadb/bin |
| Google Chrome | Google, Inc. | 8 | |
| kernel_task | Apple | 5 | |
Top Processes by Memory:
| Process (count) | Source | RAM usage | Location |
|---|---|---|---|
| Google Chrome Helper (15) | Google, Inc. | 1.85 GB | |
| kernel_task | Apple | 771 MB | |
| mdworker (14) | Apple | 416 MB | |
| Adobe CEF Helper (3) | Adobe Systems, Inc. | 320 MB | |
| Google Chrome | Google, Inc. | 272 MB | |
Top Processes by Network Use:
| Process | Source | Input | Output | Location |
|---|---|---|---|---|
| mDNSResponder | Apple | 132 KB | 15 KB | |
| apsd | Apple | 13 KB | 22 KB | |
| netbiosd | Apple | 3 KB | 870 B | |
| ntpd | Apple | 336 B | 336 B | |
| SystemUIServer | Apple | 0 B | 64 B | |
Top Processes by Energy Use:
| Process (count) | Source | Energy (0-100) | Location |
|---|---|---|---|
| Google Chrome Helper (15) | Google, Inc. | 19 | |
| WindowServer | Apple | 6 | |
| Google Chrome | Google, Inc. | 4 | |
| coreaudiod | Apple | 1 | |
| Adobe CEF Helper (3) | Adobe Systems, Inc. | 1 | |
Virtual Memory Information:
| Available RAM | 2.72 GB |
| Free RAM | 61 MB |
| Used RAM | 5.28 GB |
| Cached files | 2.66 GB |
| Swap Used | 0 B |
Software Installs (past 30 days):
| Name | Version | Install Date |
|---|---|---|
| Gatekeeper Configuration Data | 153 | 2018-08-27 |
Clean up:
/Library/LaunchDaemons/com.gopro.stereomodestatus.plist
/Applications/GoPro/Tools/StereoModeStatus.app/Contents/MacOS/StereoModeStatus
Executable not found
Diagnostics Information (past 7 days):
2018-08-31 17:15:41 RzDeviceEngine.app Crash (7 times)
/Library/Application Support/Razer/RzDeviceEngine.app
2018-08-31 16:14:08 Traktor.app CPU (2 times)
/Applications/Native Instruments/*/Traktor.app
2018-08-30 05:36:42 bird Crash (2 times)
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
BUG IN CLIENT OF LIBDISPATCH: Over-resume of an object
2018-08-29 21:23:09 backupd CPU
/System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd
End of report
Thanks for your help <3
MacBook Air, iOS 10.2.1