This can all happen without your knowledge in the background of your computer, and this is what makes Trojans such a popular and successful way for hackers to gain access to your system.
How do you get a Trojan? Actually, you inadvertently install a Trojan by running an infected executable program on your system. Trojans take advantage of the fact that so many programs that we use process other things in the background. Additionally, the executable programs come disguised as pictures of a "friend," as funny multimedia clips, as mini programs that offer some helpful tool, and the like. This makes it very important to never download or run programs from someone you don't trust implicitly, or that are not from a trusted web resource.
The two most common Trojans are Remote Access Trojans and Password Sending Trojans. The Remote Access Trojans are probably the most publicly used Trojans, simply because they give the attackers the power to do more things on the victim's machine than the victim himself, while standing in front of the machine. The idea of these Trojans is to give the attacker COMPLETE access to someone's machine, and therefore access to files, private conversations, accounting data, etc.
The purpose of the Password Sending Trojans is to rip all cached passwords and also look for other passwords you're entering. It then sends them to a specific mail address without the user noticing anything. Passwords for any application that require a user to enter a login+password are being sent back to the attacker's e-mail address.