@Blankwonder
Last active August 29, 2023 16:54
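# Lists third-party startup and persistence items on macOS, as the current user.
{
# Third-party kernel extensions (name and version)
echo "Loaded kernel extensions:";
kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}';
# Non-Apple launchd jobs loaded in the user's session
echo $'\n'"Loaded user agents:";
launchctl list | sed 1d | awk '!/0x|com\.apple|org\.(x|openbsd)|\.[0-9]+$/{print $3}';
# DYLD_INSERT_LIBRARIES value set in the launchd environment, if any
echo $'\n'"Inserted libraries:";
launchctl getenv DYLD_INSERT_LIBRARIES;
echo $'\n'"User cron tasks:";
crontab -l;
# The glob is meant to match /etc/launchd.conf
echo $'\n'"System launchd configuration:";
cat /e*/lau*;
# The glob is meant to match ~/.launchd.conf; anchored to the home directory
# so the result does not depend on where the script is started
echo $'\n'"User launchd configuration:";
cat ~/.lau*;
echo $'\n'"Login items:";
osascript -e 'tell application "System Events" to get name of login items';
# Bundles in the system, local and user plug-in directories whose bundle
# identifier is neither Apple's nor one of the excluded driver vendors'
echo $'\n'"Extrinsic loadable bundles:";
cd;
find -L /S*/L*/E* {,/}L*/{Ad,Compon,Ex,In,Keyb,Mail/Bu,P*P,Qu,Scripti,Servi,Spo}* -type d -name Contents -prune | while read -r d;
do /usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "$d/Info.plist" | grep -Eqv "^com\.apple\.[^x]|Accusys|ArcMSR|ATTO|HDPro|HighPoint|driver\.stex|hp-fax|JMicron|print|SoftRAID" && echo "${d%/Contents}";
done;
# Disabled check; the trailing -print belongs to this find command
# echo $'\n'"Unsigned shared libraries:";
# find /u*/{,*/}lib -type f -exec sh -c 'file -b $1 | grep -qw shared && ! codesign -v $1' {} {} \; -print;
echo;
# Contents of the Launch*, Priv* and Sta* directories under ~/Library and /Library
ls -A {,/}L*/{Launch,Priv,Sta}*;
} 2> /dev/null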
# The same checks for the system (root) launchd domain; sudo prompts for a password.
{
echo "Loaded system agents:";
sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix\.cron)|org\.(amav|apac|cups|isc|ntp|postf|x)/{print $3}';
echo $'\n'"Login hook:";
sudo defaults read com.apple.loginwindow LoginHook;
echo $'\n'"Root cron tasks:";
sudo crontab -l;
# Last matching kernel log messages (GPU, HFS, I/O error, paging and timeout patterns)
echo $'\n'"Log check:";
syslog -k Sender kernel -k Message CReq 'GPU |hfs: Ru|I/O e|find tok|n Cause: -|NVDA\(|pagin|timed? ?o' | tail;
} 2> /dev/null
@zshbleaker

Loaded kernel extensions:

Loaded user agents:
com.google.keystone.user.xpcservice
cn.better365.AutoSwitchInputProHelper
com.if.Amphetamine
codes.rambo.AirBuddyHelper
io.fig.uninstall
88L2Q4487U.com.tencent.WeWorkMac.IPCHelper
5A4RE8SF68.com.tencent.xinWeChat.IPCHelper
com.openssh.ssh-agent
io.fig.launcher
com.dwarvesv.LauncherApplication
andriiliakh.InstantTranslateHelper
com.microsoft.OneDriveLauncher
Y93TK974AT.com.bjango.istatmenus.status.mas
application.com.tencent.xinWeChat.MiniProgram.8451594.8451638.70F5571B-0F77-47B4-966C-DD4D5CEDD0EC
Y93TK974AT.com.bjango.istatmenus.agent.mas
com.tapbots.Pastebot2Mac.LaunchHelper
io.fig.dotfiles-daemon
com.app.menubarx-helper
com.google.keystone.user.agent
com.lwouis.alt-tab-macos
application.cewd.E51EA5D5-26A8-4601-8096-B7FFB000FEFB
com.sindresorhus.Pure-Paste-LaunchAtLoginHelper
com.NeilSardesai.Pictogram-Helper

Inserted libraries:

User cron tasks:

System launchd configuration:

User launchd configuration:

Login items:
Remote for Mac, DarkModeBuddy, Dash, Displaperture, LinearMouse, ExpressVPN Launcher

Extrinsic loadable bundles:

/Library/LaunchAgents:
com.teamviewer.teamviewer.plist		com.teamviewer.teamviewer_desktop.plist

/Library/LaunchDaemons:
com.bjango.istatmenus.helper.mas.plist
com.expressvpn.expressvpnd.plist
com.teamviewer.Helper.plist
com.teamviewer.teamviewer_service.plist
com.west2online.ClashXPro.ProxyConfigHelper.plist

/Library/PrivilegedHelperTools:
com.teamviewer.Helper
com.west2online.ClashXPro.ProxyConfigHelper

/Library/StagedDriverExtensions:

/Library/StagedExtensions:

/Library/StartupItems:

Library/LaunchAgents:
codes.rambo.AirBuddyHelper.plist	io.fig.dotfiles-daemon.plist
com.google.keystone.agent.plist		io.fig.launcher.plist
com.google.keystone.xpcservice.plist	io.fig.uninstall.plist
com.lwouis.alt-tab-macos.plist

Library/Staging:

Library/StatusKit:
database
Loaded system agents:
Password:
com.expressvpn.expressvpnd
com.west2online.ClashXPro.ProxyConfigHelper
com.bjango.istatmenus.helper.mas
com.teamviewer.Helper

Login hook:

Root cron tasks:

Log check:

@Blankwonder
Author

Loaded kernel extensions:

Loaded user agents:
com.nssurge.surge-mac.helper
com.docker.helper
fans
org.cups.cupsd
com.openssh.sshd
org.wireshark.ChmodBPF
com.vix.cron
com.daisydiskapp.DaisyDiskStandAlone.AdminHelper
com.bjango.istatmenus.daemon
com.bjango.istatmenus.installerhelper
com.intuitibits.airtool2.airtool-bpf
com.microsoft.autoupdate.helper

Inserted libraries:

User cron tasks:

System launchd configuration:

User launchd configuration:

Login items:
FigmaAgent, Elpass, Dash, Alfred 4, Spark, iTerm, Keyboard Maestro Engine, Surge, Dropbox, Stickies, Rectangle

Extrinsic loadable bundles:
/Library/Input Methods/SogouInput.app
/Library/QuickLook/SogouSkinFileQuickLook.qlgenerator

/Library/LaunchAgents:
com.bjango.istatmenus.agent.plist com.sogou.SogouServices.plist
com.bjango.istatmenus.status.plist com.sogou.SogouTaskManager.plist
com.microsoft.update.agent.plist

/Library/LaunchDaemons:
com.apple.installer.osmessagetracing.plist
com.bjango.istatmenus.daemon.plist
com.bjango.istatmenus.fans.plist
com.bjango.istatmenus.installerhelper.plist
com.daisydiskapp.DaisyDiskStandAlone.AdminHelper.plist
com.intuitibits.airtool2.airtool-bpf.plist
com.microsoft.autoupdate.helper.plist
com.nssurge.surge-mac.helper.plist
org.wireshark.ChmodBPF.plist
com.docker.vmnetd.plist

/Library/PrivilegedHelperTools:
com.bjango.istatmenus.installerhelper
com.daisydiskapp.DaisyDiskStandAlone.AdminHelper
com.microsoft.autoupdate.helper
com.nssurge.surge-mac.helper
com.docker.vmnetd

/Library/StagedDriverExtensions:

/Library/StagedExtensions:

/Library/StartupItems:

Library/LaunchAgents:
com.DigiDNA.iMazing2Mac.Mini.plist com.nuebling.mac-mouse-fix.helper.plist
com.dropbox.DropboxMacUpdate.agent.plist com.valvesoftware.steamclean.plist
com.google.keystone.agent.plist io.fig.launcher.plist
com.google.keystone.xpcservice.plist io.fig.uninstall.plist

Library/Private Documents:
CTGlobalCache

Library/Staging:

Library/StatusKit:
database
Loaded system agents:
com.nssurge.surge-mac.helper
fans
org.wireshark.ChmodBPF
com.daisydiskapp.DaisyDiskStandAlone.AdminHelper
com.bjango.istatmenus.daemon
com.bjango.istatmenus.installerhelper
com.intuitibits.airtool2.airtool-bpf
com.microsoft.autoupdate.helper
com.docker.vmnetd

Login hook:

Root cron tasks:

Log check:
