Jump to content

pejot92

Members
  • Posts

    1
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hello, Some time ago, lets say month ago, my computer started to act strange for example CPU fan was always on high RPM, anytime I tried to check what cause high CPU usage when I entered task manager there were cpu usage at 9%-10%. But I had a feeling that something strange is going on. Also i had some strange services running on my PC for example if normal Service name is Print Server I had this service stopped and there was another one "PrintServer_a8xdc6dsa" something like that. Also i found out that some strange firewall rules are being added to my firewall using ports from 50000-59999. I also found that I have a lot of network services running, also some "network accounts?" I was unable fo find those sessions trying with cmd -> Query session ID. I was able to find only my session. Also my computer was redirecting all my network queries to those strange ports for example when I was using internet port 80 i checked with wire shark that its being redirected to 5xxxx port. I reinstalled Windows and everyting was okay until yesterday. I was checking my CPU usage once again because of computer being slow etc. CPU usage was again on low level but i found in processes that I have a lot of svchost.exe instances running some of them were local, some of them were Network services related. Conclusion: I think my computer was hacked and used as a part of botnet? Or kind of bitcoin miner, also in registry under Windows profiles i had some strange keys with chinese letters. I reformatted computer today again and I didn't even connected to internet. I downloaded farbar and here are my results, do You guys see anything suspicious? Also I have to confess that I have 5 hard drives and I reformatted only one of them because I can't aford to lose data from those drives. Also I had a feeling that my svchost.exe from Windows/System32 is corrupted and also other .exe files from this directory - because they were executed with strange commands added such as -NetsvcUser and such staff. Could someone please look into logs and check for anything suspicious? FRST.txt Addition.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.