Hello,
Some time ago, lets say month ago, my computer started to act strange for example CPU fan was always on high RPM, anytime I tried to check what cause high CPU usage when I entered task manager there were cpu usage at 9%-10%. But I had a feeling that something strange is going on. Also i had some strange services running on my PC for example if normal Service name is Print Server I had this service stopped and there was another one "PrintServer_a8xdc6dsa" something like that. Also i found out that some strange firewall rules are being added to my firewall using ports from 50000-59999. I also found that I have a lot of network services running, also some "network accounts?" I was unable fo find those sessions trying with cmd -> Query session ID. I was able to find only my session. Also my computer was redirecting all my network queries to those strange ports for example when I was using internet port 80 i checked with wire shark that its being redirected to 5xxxx port.
I reinstalled Windows and everyting was okay until yesterday. I was checking my CPU usage once again because of computer being slow etc. CPU usage was again on low level but i found in processes that I have a lot of svchost.exe instances running some of them were local, some of them were Network services related.
Conclusion: I think my computer was hacked and used as a part of botnet? Or kind of bitcoin miner, also in registry under Windows profiles i had some strange keys with chinese letters. I reformatted computer today again and I didn't even connected to internet. I downloaded farbar and here are my results, do You guys see anything suspicious? Also I have to confess that I have 5 hard drives and I reformatted only one of them because I can't aford to lose data from those drives. Also I had a feeling that my svchost.exe from Windows/System32 is corrupted and also other .exe files from this directory - because they were executed with strange commands added such as -NetsvcUser and such staff.
Could someone please look into logs and check for anything suspicious?
FRST.txt
Addition.txt