It depends upon the threat model. If the attacker doesn't know that you're checking hashes, you're golden: any checking will work. If the attacker owns your system, the only thing that may work is offline checking.
With respect to your first point, you're right that once a system is owned you can't trust it for anything, but you could take out the drive and compare the changes offline. You could use this to diagnose an attack. Additionally, you could run from read-only media, like a DVD that was burned previously; it wouldn't stop all attacks, but again, depending upon the threat model, it would stop some.
Regarding the second point, if you trust the checksum calculator, you could just move the hashes to the "checking machine". Note that a motivated attacker could give you "pristine" copies of the files to ship remotely while running the modified ones locally, or even give the pristine copy to the local checker while running modified ones in all other cases, if they have enough privilege.