My ISP blocked the internet and redirected me to a website stating that my PC attempted to connect to a blacklisted IP and seems to be infected by Houdini RAT. There were 135 attempts to connect to the blacklisted IP, the first one starting at 2020-03-20 21:54, which based on my browser history is the day I decided to flash a new ROM to my phone and had to download some wonky apps to flash via PC (the softbricked phone would not go into recovery or let me reflash it itself). This probably resulted in some random virus being bundled with an app... I do my best to prevent infections because I don't use antivirus. I scanned all apps via virustotal.com and all were fine. If that's not the source of infection then I have no idea. The phone is fine, the PC seems not to be. I didn't encounter any weird issues. I check CPU/mem/network usage frequently, and I don't see any weird processes either.
Can you please check whether there is something hidden in the logs that I missed? I quickly peeked into the logs and didn't find any apps that I don't remember installing or don't consider system apps. There were some weird files though. The Bitdefender scan couldn't access like 5 or so files located at "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\ib2E15.tmp" - there is no permission to even check the ownership/files. I can't take ownership of them and they appear to be 0 kB; perhaps these are virus files? There is no way temp files are THAT secure.
Malwarebytes didn't find anything apart from NOUAC being on, miner files that are deleted now just in case, and a Cheat Engine file, all being "PUP.Optional" or "RiskWare", so pretty safe AND I know them all.
If you need additional logs, let me know.
It would be cool if you helped me get rid of all the "leftovers" after using the system for 3 years; there are some trash leftovers like "Thunder Network" or "xhunter1" that I don't know, etc.
FRST.txt
Addition.txt
Shortcut.txt
Bitdefender scan logs.txt