I have been hacked

[Diego T.]

I believe that my Windows laptop and Macbook have been hacked by an uknown identity. I would suggest that the ones that manage this forum find out if my user name and password has been used to access this site outside of NYC,

Can you guys tell me anything about payloads? thanks.

[Matt]

@Diego T. You do not have any antivirus installed on your machines? 

[vyzzer]

2 hours ago, Diego T. said:

Can you guys tell me anything about payloads? thanks.

 

Try reading this: 

 

https://www.esecurityplanet.com/threats/how-hackers-use-payloads-to-take-over-your-machine

 

Regards.

[kasper]

with that hacking it would be possible to verify on windows

 

download program HijackThis https://sourceforge.net/projects/hjt/ 1. Create a Hijackthis folder on the system disk, put the downloaded file in this folder 2. Start HijackThis and in the program window click on the bar- Do a system scan and save a logfile and wait ... 3.After a while, the Notepad window will pop up with a statement of HJT. We will copy this statement and send it to me via a private message or copy it to the post 

[UpGrade]

can you tell us more about your suspicions ? What makes you believe you have been hacked. We can give more detailed information on how / what / where to look in your machines but more info would help 

[Diego T.]

Here we go...

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:45:09 AM, on 1/8/2023
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.22621.0001)

Boot mode: Normal

Running processes:
C:\WINDOWS\System32\spacedeskServiceTray.exe
C:\Program Files (x86)\Ant Download Manager\antCH\antCH.exe
C:\Program Files (x86)\Ant Download Manager\AntDM.exe
C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
C:\Program Files (x86)\Ant Download Manager\antCH\antCH.exe
C:\Users\levia\Downloads\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.76\BHO\ie_to_edge_bho.dll
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\levia\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_9A12ADD83258F09A08B5F733455CDD3C] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
O4 - HKCU\..\Run: [AntDM] C:\Program Files (x86)\Ant Download Manager\AntDM.exe
O4 - HKCU\..\Run: [AMDNoiseSuppression] "C:\WINDOWS\system32\AMD\ANR\AMDNoiseSuppression.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlansp_c.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD Crash Defender Service - Unknown owner - C:\WINDOWS\System32\amdfendrsr.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\System32\DriverStore\FileRepository\u0386458.inf_amd64_e0283e9e7966f704\B386218\atiesrxx.exe
O23 - Service: AMD Log Utility - Unknown owner - C:\WINDOWS\System32\amdlogsr.exe (file missing)
O23 - Service: AMD User Experience Program Data Uploader (AUEPLauncher) - AMD - C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPDU.exe
O23 - Service: Brave Update Service (brave) (brave) - BraveSoftware Inc. - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
O23 - Service: Brave Elevation Service (BraveElevationService) (BraveElevationService) - Unknown owner - C:\Program Files\BraveSoftware\Brave-Browser\Application\108.1.46.153\elevation_service.exe (file missing)
O23 - Service: Brave Update Service (bravem) (bravem) - BraveSoftware Inc. - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_6f4e4 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Endpoint Security\ehttpsrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files\Google\Chrome\Application\108.0.5359.125\elevation_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Comm Recovery (HP Comm Recover) - HP Inc. - C:\Program Files\HPCommRecovery\HPCommRecovery.exe
O23 - Service: @oem131.inf,%ServiceAppHelperDesc%;HP App Helper HSA Service (HPAppHelperCap) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_9b42a3e82673e3bb\x64\AppHelperCap.exe
O23 - Service: @oem131.inf,%ServiceDiagsDesc%;HP Diagnostics HSA Service (HPDiagsCap) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_9b42a3e82673e3bb\x64\DiagsCap.exe
O23 - Service: @oem131.inf,%ServiceNetworkDesc%;HP Network HSA Service (HPNetworkCap) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_9b42a3e82673e3bb\x64\NetworkCap.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @oem131.inf,%ServiceSysInfoDesc%;HP System Info HSA Service (HPSysInfoCap) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_9b42a3e82673e3bb\x64\SysInfoCap.exe
O23 - Service: @oem154.inf,%hpanalyticscomp%;HP Analytics service (HpTouchpointAnalyticsService) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_970b3aa928c32e35\x64\TouchpointAnalyticsClientService.exe
O23 - Service: HPWMISVC - HP Inc. - c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @oem153.inf,%RtkBtManServ.SvcDesc%;Realtek Bluetooth Device Manager Service (RtkBtManServ) - Realtek Semiconductor Corp. - C:\WINDOWS\RtkBtManServ.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\Sgrm\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\Sgrm\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTrap) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: spacedeskService - Unknown owner - C:\WINDOWS\System32\spacedeskService.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @oem75.inf,%SynTPEnhService.SVCDESC%;SynTPEnhService (SynTPEnhService) - Unknown owner - C:\WINDOWS\System32\SynTPEnhService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10898 bytes