detect key logger, screen capture, spyware on mac @linc davis

Linc or any other forensics master - can you guys take a look if there is anything strange on this Mac? I ran the terminal commands you recommended. Please. Appreciated.


drazeks-MacBook-Pro-2:~ drazek$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

drazeks-MacBook-Pro-2:~ drazek$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'


WARNING: Improper use of the sudo command could lead to data loss

or the deletion of important system files. Please double-check your

typing when using sudo. Type "man sudo" for more information.


To proceed, enter your password, or type Ctrl-C to abort.


Password:

com.adobe.versioncueCS4

com.microsoft.office.licensing.helper

com.google.keystone.daemon

com.oracle.java.Helper-Tool

com.adobe.fpsaud

drazeks-MacBook-Pro-2:~ drazek$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.google.Chrome.92332

com.adobe.CS4ServiceManager

org.mozilla.firefox.49164

jp.co.canon.cijscannerregister.86368

com.microsoft.Word.56832

com.google.keystone.system.agent

com.jdibackup.ZipCloud.autostart

com.oracle.java.Java-Updater

com.getdropbox.dropbox.80120

com.rpatechnology.mobilemouse.61944

com.jdibackup.ZipCloud.notify

com.adobe.dreamweaver-10.0.40360

com.divx.update.agent

com.microsoft.autoupdate.fba.86652

com.divx.dms.agent

drazeks-MacBook-Pro-2:~ drazek$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/**,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

/Library/Components:


/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

EPSONUSBPrintClass.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext


/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

Adobe AIR.framework

AudioMixEngine.framework

DivX Toolkit.framework

DivXInstallerUtilities.framework

EWSMac.framework

NyxAudioAnalysis.framework

PluginManager.framework

TSLicense.framework

iLifeFaceRecognition.framework

iLifeKit.framework

iLifePageLayout.framework

iLifeSQLAccess.framework

iLifeSlideshow.framework

iTunesLibrary.framework


/Library/Input Methods:


/Library/Internet Plug-Ins:

Default Browser.plugin

DivX Web Player.plugin

Flash Player.plugin

Flip4Mac WMV Plugin.plugin

Flip4Mac WMV Plugin.webplugin

JavaAppletPlugin.plugin

LogitechHarmony.plugin

OVSHelper.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

Silverlight.plugin

SnagitSafariScroller.webplugin

flashplayer.xpt

googletalkbrowserplugin.plugin

iPhotoPhotocast.plugin

nsIQTScriptablePlugin.xpt

o1dbrowserplugin.plugin


/Library/Keyboard Layouts:


/Library/LaunchAgents:

com.adobe.CS4ServiceManager.plist

com.divx.dms.agent.plist

com.divx.update.agent.plist

com.google.keystone.agent.plist

com.oracle.java.Java-Updater.plist


/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.adobe.versioncueCS4.plist

com.google.keystone.daemon.plist

com.microsoft.office.licensing.helper.plist

com.oracle.java.Helper-Tool.plist


/Library/PreferencePanes:

Flash Player.prefPane

Flip4Mac WMV.prefPane

JavaControlPanel.prefPane

VersionCueCS4.prefPane


/Library/PrivilegedHelperTools:

com.microsoft.office.licensing.helper


/Library/QuickLook:

GBQLGenerator.qlgenerator

iBooksAuthor.qlgenerator

iWork.qlgenerator


/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component


/Library/ScriptingAdditions:

Adobe Unit Types.osax


/Library/Spotlight:

GBSpotlightImporter.mdimporter

LogicPro.mdimporter

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter


/Library/StartupItems:


/etc/mach_init.d:


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:


Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle


Library/Fonts:

eurof35.ttf

eurof36.ttf

eurof55.ttf

eurof56.ttf

eurof75.ttf

eurof76.ttf


Library/Frameworks:

EWSMac.framework


Library/Input Methods:

.localized


Library/Internet Plug-Ins:

CitrixOnlineWebDeploymentPlugin.plugin

ZoomUsPlugIn.plugin


Library/Keyboard Layouts:


Library/LanguageModeling:

da-dynamic.lm

de-dynamic.lm

en-dynamic.lm

es-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

nb-dynamic.lm

nl-dynamic.lm

pt-dynamic.lm

sv-dynamic.lm

tr-dynamic.lm


Library/LaunchAgents:

com.apple.CSConfigDotMacCert-drazek@me.com-SharedServices.Agent.plist

com.apple.FolderActions.enabled.plist

com.apple.FolderActions.folders.plist

com.jdibackup.ZipCloud.autostart.plist

com.jdibackup.ZipCloud.notify.plist


Library/PreferencePanes:


Library/Services:

.localized

drazeks-MacBook-Pro-2:~ drazek$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, Mobile Mouse Server, BitTorrent, Dropbox, Google Chrome

drazeks-MacBook-Pro-2:~ drazek$

MacBook Pro, iOS 8.4.1

Posted on Sep 12, 2015 8:17 AM
