Diego T. Posted January 2, 2023 Share Posted January 2, 2023 I believe that my Windows laptop and Macbook have been hacked by an uknown identity. I would suggest that the ones that manage this forum find out if my user name and password has been used to access this site outside of NYC, Can you guys tell me anything about payloads? thanks. Quote Link to comment Share on other sites More sharing options...
Administrator Matt Posted January 2, 2023 Administrator Share Posted January 2, 2023 @Diego T. You do not have any antivirus installed on your machines? vyzzer, rahuldohare and kyber 3 Quote Link to comment Share on other sites More sharing options...
vyzzer Posted January 2, 2023 Share Posted January 2, 2023 2 hours ago, Diego T. said: Can you guys tell me anything about payloads? thanks. Try reading this: https://www.esecurityplanet.com/threats/how-hackers-use-payloads-to-take-over-your-machine Regards. Melgas, haris_sane69 and kyber 3 Quote Link to comment Share on other sites More sharing options...
kasper Posted January 2, 2023 Share Posted January 2, 2023 with that hacking it would be possible to verify on windows download program HijackThis https://sourceforge.net/projects/hjt/ 1. Create a Hijackthis folder on the system disk, put the downloaded file in this folder 2. Start HijackThis and in the program window click on the bar- Do a system scan and save a logfile and wait ... 3.After a while, the Notepad window will pop up with a statement of HJT. We will copy this statement and send it to me via a private message or copy it to the post bigbrother and funkyy 2 Quote Link to comment Share on other sites More sharing options...
UpGrade Posted January 2, 2023 Share Posted January 2, 2023 can you tell us more about your suspicions ? What makes you believe you have been hacked. We can give more detailed information on how / what / where to look in your machines but more info would help Quote Link to comment Share on other sites More sharing options...
Diego T. Posted January 8, 2023 Author Share Posted January 8, 2023 Here we go... Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 8:45:09 AM, on 1/8/2023 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.22621.0001) Boot mode: Normal Running processes: C:\WINDOWS\System32\spacedeskServiceTray.exe C:\Program Files (x86)\Ant Download Manager\antCH\antCH.exe C:\Program Files (x86)\Ant Download Manager\AntDM.exe C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe C:\Program Files (x86)\Ant Download Manager\antCH\antCH.exe C:\Users\levia\Downloads\Programs\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit= O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.76\BHO\ie_to_edge_bho.dll O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe O4 - HKCU\..\Run: [OneDrive] "C:\Users\levia\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_9A12ADD83258F09A08B5F733455CDD3C] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 O4 - HKCU\..\Run: [AntDM] C:\Program Files (x86)\Ant Download Manager\AntDM.exe O4 - HKCU\..\Run: [AMDNoiseSuppression] "C:\WINDOWS\system32\AMD\ANR\AMDNoiseSuppression.exe" O10 - Unknown file in Winsock LSP: c:\windows\system32\nlansp_c.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AMD Crash Defender Service - Unknown owner - C:\WINDOWS\System32\amdfendrsr.exe (file missing) O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\System32\DriverStore\FileRepository\u0386458.inf_amd64_e0283e9e7966f704\B386218\atiesrxx.exe O23 - Service: AMD Log Utility - Unknown owner - C:\WINDOWS\System32\amdlogsr.exe (file missing) O23 - Service: AMD User Experience Program Data Uploader (AUEPLauncher) - AMD - C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPDU.exe O23 - Service: Brave Update Service (brave) (brave) - BraveSoftware Inc. - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe O23 - Service: Brave Elevation Service (BraveElevationService) (BraveElevationService) - Unknown owner - C:\Program Files\BraveSoftware\Brave-Browser\Application\108.1.46.153\elevation_service.exe (file missing) O23 - Service: Brave Update Service (bravem) (bravem) - BraveSoftware Inc. - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing) O23 - Service: CredentialEnrollmentManagerUserSvc_6f4e4 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing) O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Endpoint Security\ehttpsrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files\Google\Chrome\Application\108.0.5359.125\elevation_service.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Comm Recovery (HP Comm Recover) - HP Inc. - C:\Program Files\HPCommRecovery\HPCommRecovery.exe O23 - Service: @oem131.inf,%ServiceAppHelperDesc%;HP App Helper HSA Service (HPAppHelperCap) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_9b42a3e82673e3bb\x64\AppHelperCap.exe O23 - Service: @oem131.inf,%ServiceDiagsDesc%;HP Diagnostics HSA Service (HPDiagsCap) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_9b42a3e82673e3bb\x64\DiagsCap.exe O23 - Service: @oem131.inf,%ServiceNetworkDesc%;HP Network HSA Service (HPNetworkCap) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_9b42a3e82673e3bb\x64\NetworkCap.exe O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe O23 - Service: @oem131.inf,%ServiceSysInfoDesc%;HP System Info HSA Service (HPSysInfoCap) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_9b42a3e82673e3bb\x64\SysInfoCap.exe O23 - Service: @oem154.inf,%hpanalyticscomp%;HP Analytics service (HpTouchpointAnalyticsService) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_970b3aa928c32e35\x64\TouchpointAnalyticsClientService.exe O23 - Service: HPWMISVC - HP Inc. - c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @oem153.inf,%RtkBtManServ.SvcDesc%;Realtek Bluetooth Device Manager Service (RtkBtManServ) - Realtek Semiconductor Corp. - C:\WINDOWS\RtkBtManServ.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\System32\Sgrm\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\Sgrm\SgrmBroker.exe (file missing) O23 - Service: @firewallapi.dll,-50323 (SNMPTrap) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: spacedeskService - Unknown owner - C:\WINDOWS\System32\spacedeskService.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: @oem75.inf,%SynTPEnhService.SVCDESC%;SynTPEnhService (SynTPEnhService) - Unknown owner - C:\WINDOWS\System32\SynTPEnhService.exe (file missing) O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10898 bytes Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.