The main question is: how do I know if I have been hacked?

http://blog.crowdstrike.com/sysmon-2/

http://joshuadlewis.blogspot.fr/2014/10/advanced-threat-detection-with-sysmon_74.html

Additional resources on this blog: http://wp.me/p15Zft-od

And some other links: http://www.computerforensicsworld.com/, http://www.forensics.nl/links

The first step is to scan your computer with a rootkit detector. Our download section has numerous rootkit scanners available, some of which are listed below:

Toolkit to help you:

– Volatility: http://www.volatilityfoundation.org/

– CrowdStrike: http://www.crowdstrike.com/community-tools/index.html

– McAfee Foundstone free tools: http://www.mcafee.com/us/downloads/free-tools/index.aspx

– PowerShell Windows forensics: https://github.com/Invoke-IR/PowerForensics

– PowerShell Windows forensics: https://github.com/gfoss/PSRecon

– PowerShell Windows forensics: https://github.com/davehull/Kansa

http://www.powershellmagazine.com/2014/07/18/kansa-a-powershell-based-incident-response-framework/

– forensic toolkits: http://www.sleuthkit.org/, http://sourceforge.net/projects/autopsy/

– online scanning: http://www.virustotal.com

– Windows event logs

– Windows safe mode (run Autoruns from Sysinternals to detect applications/services that are not well known)

– autoruns, procexp, procmon, tcpview, handles, psloggedon (http://www.microsoft.com/sysinternals)

– TreeSize Pro (http://www.jam-software.com/treesize/)

– CloseTheDoor (http://sourceforge.net/projects/closethedoor/)

– Wireshark (https://www.wireshark.org/download.html) or Microsoft Message Analyzer (http://www.microsoft.com/en-us/download/details.aspx?id=40308)

– nmap: http://nmap.org/download.html#windows

– traceroute: http://www.net.princeton.edu/traceroute.html