Author Topic: How can I see if incoming traffic hackers have deleted files on my computer?  (Read 20382 times)

REDACTED

  • Guest
I miss some directories and files from a couple of days ago.

It certainly was not me who deleted them, I edited the files and I still need them.

I would already be happy with a log file that showed all incoming traffic that passed the AVAST PRO Firewall.

Even better would be to know a log of all changes on the Windows file system and which IPs did them. Does something like that exist in Windows 10?

Moreover, is this suspect? Why would my ISP change each day the Firewall mode to Public/High Risk Zone (according to AVAST PRO Firewall Log "rules")?

« Last Edit: June 16, 2016, 01:25:50 AM by Gallery Art-Rotterdam »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
If you want a computer check from a malware expert, then follow the instructions here and attach the requested logs:

https://forum.avast.com/index.php?topic=53253.0


REDACTED

  • Guest
Thanks, I have done this procedure before, a year ago or something, for another issue; it gave interesting results though.

But I don't think it's a virus, because it specifically deleted my most important recent files, like someone is monitoring my computer and knows what to delete.

That's why I call it incoming traffic hackers.

Please tell me if there is an AVAST or Windows log file I can check for suspicious incoming traffic AND (ideally) for corresponding suspicious changes to the Windows file system.

Ideally I would see, if such a log file exists, that an IP address (not my own) deleted these files.

HOW CAN I GET PROOF THAT SOMEONE ELSE (HACKERS) DELETED THE FILES???

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Quote
But I don't think it's a virus, because it specifically deleted my most important recent files, like someone is monitoring my computer and knows what to delete.
If so, it may be seen in the diagnostic logs ... so, attach logs ;)

Are you the only one with access to that computer?




REDACTED

  • Guest
Yes I'm the only user and my computer is in a locked room.

Where can I find diagnostic log files in AVAST Pro?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Quote
Yes I'm the only user and my computer is in a locked room.

Where can I find diagnostic log files in AVAST Pro?
Not Avast ... logs from the link I posted above.

Scroll down to the second picture > Farbar Recovery Scan Tool <, run it as instructed and attach the two logs here in this topic.



REDACTED

  • Guest
Thank you for looking into this issue. So I want to know if "incoming traffic hackers" can have deleted some recent important files. And if you have evidence or maybe even proof of such a thing please explicitly say so in writing in this forum post!!! And please say also how one can see this (or what to look for).

Here are the scan logs.

REDACTED

  • Guest
Moreover is this suspect? Why would my ISP change each day the Firewall mode to Public/High Risk Zone (according to AVAST PRO Firewall Log "rules")

(my own quote)

I remembered it wrong. I now work on a computer without AVAST, so I could not check before. It says Firewall changed mode, which seems to be done at every Windows restart, even when the computer is not plugged in to the internet. It could be an automatic entry in the log file only triggered by booting Windows; strange though that it remembers the ISP specification even when not plugged in. I never used password-protected WIFI under this AVAST/Windows by the way; Windows does not know the password, I never entered it there.
« Last Edit: June 16, 2016, 08:27:59 AM by Gallery Art-Rotterdam »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Quote
I would already be happy with a log file that showed all incoming traffic that passed the AVAST PRO Firewall.
You can check the Avast firewall log, but I doubt everything will be in it if you don't have it set to verbose logging.
Quote
Even better would be to know a log of all changes on the windows file system and which IP's did them
An IP does not change things and even has nothing to do with files.
Quote
Why would my ISP change each day the Firewall mode to Public/High Risk Zone (according to AVAST PRO Firewall Log "rules")
An ISP doesn't change things like that.
They don't even have access to the settings unless you give them remote access or something like that.
Quote
HOW CAN I GET PROOF THAT SOMEONE ELSE (HACKERS) DELETED THE FILES???
Hire a forensic IT security company like Fox-IT.
They are right around the corner (Delft).
https://www.fox-it.com/nl/

REDACTED

  • Guest
Quote
They don't even have access to the settings unless you give them remote access or something like that.

I corrected my "misinterpretation / wrong remembering" of the log entry in my last post by the way. Please read this last post, because it's strange that the entry shows up even when the computer is unplugged from the internet, and it can't be connected by WIFI because Windows does not know the WIFI key; I never connected Windows with WIFI. Moreover, the Chrome browser says "no internet connection".

EDDY PLEASE COMMENT ON THIS ONE! 

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
We can only comment/respond to what you tell us.
If you remembered the log entry wrong and posted the wrong info here, that doesn't change anything about what I said.

REDACTED

  • Guest
Quote
We can only comment/respond to what you tell us.
If you remembered the log entry wrong and posted the wrong info here, doesn't change anything about what I said.

Strange you seem not to read very carefully, and reply at random  :(

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Essexboy will be online (usually) after 15:00 European time and check your logs ;)



REDACTED

  • Guest
Quote
Essexboy will be online (usually) after 15:00 european time and check your logs ;)

What I don't understand of the logs:
FRST.txt has an entry for Firefox with lots of plugins and addons. I don't find Firefox in my Windows programs search; I never installed it under Windows 10. I have it on my UBUNTU Live USB stick, which is always plugged in, even if I start Windows from the SSD C: drive. It could also be in an old "Program Files" directory on the D: drive from Windows 7, 8 or 8.1 times, which is not active anymore (I now have, as I said before, Windows 10).
ADDITION.txt warns 12 times in scheduled tasks for "... no file <==== ATTENTION"

PS: I see now that the Firefox entries are all from plugins on the C: drive (Strange!!! What are they doing there?)
« Last Edit: June 16, 2016, 03:07:43 PM by Gallery Art-Rotterdam »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
The only way I could see someone getting in would be either through Citrix or G2M.

When you finish with the computer, do you shut down or engage the firewall lock?