Q: detect key logger, screen capture, spyware on mac @linc davis

Linc or any other forensics master - can you guys take a look if there is anything strange on this mac?  I run the terminal commands you recommended.  Please.  Appreciated.

drazeks-MacBook-Pro-2:~ drazek$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

drazeks-MacBook-Pro-2:~ drazek$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

WARNING: Improper use of the sudo command could lead to data loss

or the deletion of important system files. Please double-check your

typing when using sudo. Type "man sudo" for more information.

To proceed, enter your password, or type Ctrl-C to abort.

Password:

com.adobe.versioncueCS4

com.microsoft.office.licensing.helper

com.google.keystone.daemon

com.oracle.java.Helper-Tool

com.adobe.fpsaud

drazeks-MacBook-Pro-2:~ drazek$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.google.Chrome.92332

com.adobe.CS4ServiceManager

org.mozilla.firefox.49164

jp.co.canon.cijscannerregister.86368

com.microsoft.Word.56832

com.google.keystone.system.agent

com.jdibackup.ZipCloud.autostart

com.oracle.java.Java-Updater

com.getdropbox.dropbox.80120

com.rpatechnology.mobilemouse.61944

com.jdibackup.ZipCloud.notify

com.adobe.dreamweaver-10.0.40360

com.divx.update.agent

com.microsoft.autoupdate.fba.86652

com.divx.dms.agent

drazeks-MacBook-Pro-2:~ drazek$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:

/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

EPSONUSBPrintClass.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

Adobe AIR.framework

AudioMixEngine.framework

DivX Toolkit.framework

DivXInstallerUtilities.framework

EWSMac.framework

NyxAudioAnalysis.framework

PluginManager.framework

TSLicense.framework

iLifeFaceRecognition.framework

iLifeKit.framework

iLifePageLayout.framework

iLifeSQLAccess.framework

iLifeSlideshow.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

Default Browser.plugin

DivX Web Player.plugin

Flash Player.plugin

Flip4Mac WMV Plugin.plugin

Flip4Mac WMV Plugin.webplugin

JavaAppletPlugin.plugin

LogitechHarmony.plugin

OVSHelper.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

Silverlight.plugin

SnagitSafariScroller.webplugin

flashplayer.xpt

googletalkbrowserplugin.plugin

iPhotoPhotocast.plugin

nsIQTScriptablePlugin.xpt

o1dbrowserplugin.plugin

/Library/Keyboard Layouts:

/Library/LaunchAgents:

com.adobe.CS4ServiceManager.plist

com.divx.dms.agent.plist

com.divx.update.agent.plist

com.google.keystone.agent.plist

com.oracle.java.Java-Updater.plist

/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.adobe.versioncueCS4.plist

com.google.keystone.daemon.plist

com.microsoft.office.licensing.helper.plist

com.oracle.java.Helper-Tool.plist

/Library/PreferencePanes:

Flash Player.prefPane

Flip4Mac WMV.prefPane

JavaControlPanel.prefPane

VersionCueCS4.prefPane

/Library/PrivilegedHelperTools:

com.microsoft.office.licensing.helper

/Library/QuickLook:

GBQLGenerator.qlgenerator

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

/Library/ScriptingAdditions:

Adobe Unit Types.osax

/Library/Spotlight:

GBSpotlightImporter.mdimporter

LogicPro.mdimporter

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle

Library/Fonts:

eurof35.ttf

eurof36.ttf

eurof55.ttf

eurof56.ttf

eurof75.ttf

eurof76.ttf

Library/Frameworks:

EWSMac.framework

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

CitrixOnlineWebDeploymentPlugin.plugin

ZoomUsPlugIn.plugin

Library/Keyboard Layouts:

Library/LanguageModeling:

da-dynamic.lm

de-dynamic.lm

en-dynamic.lm

es-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

nb-dynamic.lm

nl-dynamic.lm

pt-dynamic.lm

sv-dynamic.lm

tr-dynamic.lm

Library/LaunchAgents:

com.apple.CSConfigDotMacCert-drazek@me.com-SharedServices.Agent.plist

com.apple.FolderActions.enabled.plist

com.apple.FolderActions.folders.plist

com.jdibackup.ZipCloud.autostart.plist

com.jdibackup.ZipCloud.notify.plist

Library/PreferencePanes:

Library/Services:

.localized

drazeks-MacBook-Pro-2:~ drazek$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, Mobile Mouse Server, BitTorrent, Dropbox, Google Chrome

drazeks-MacBook-Pro-2:~ drazek$