Unknown traffic

Hi

I have been looking at my computer because it takes over 5 minutes to start and Internet Explorer 8 freezes on some sites.

I want to check, is related to an unknown contact, anti-virus (Avast Free version: 7.0.1426) activity.

I want to check this, because the malware should not be. Examining the many different software.

Below is an example of traffic. None of the actual program is not running. Except of course CurrPorts a degree traffic. A firewall is ZoneAlarm Free Firewall version: 10.1.065.000.

23.3.2012 1:06:30 Added AvastSvc.exe TCP 192.168.178.25:1129 62.109.145.92:80
23.3.2012 1:06:50 Removed AvastSvc.exe TCP 192.168.178.25:1129 62.109.145.92:80
23.3.2012 1:09:30 Added AvastSvc.exe TCP 192.168.178.25:1137 62.109.145.92:80
23.3.2012 1:09:50 Removed AvastSvc.exe TCP 192.168.178.25:1137 62.109.145.92:80
23.3.2012 1:11:00 Added svchost.exe UDP 192.168.178.25:68 :
23.3.2012 1:11:10 Removed svchost.exe UDP 192.168.178.25:68 :
23.3.2012 1:12:00 Added AvastSvc.exe TCP 192.168.178.25:1145 62.109.145.92:80
23.3.2012 1:12:20 Removed AvastSvc.exe TCP 192.168.178.25:1145 62.109.145.92:80
23.3.2012 1:15:10 Added AvastSvc.exe TCP 192.168.178.25:1153 195.39.12.52:80
23.3.2012 1:22:50 Added Unknown TCP 192.168.178.25:1157 209.87.211.146:443
23.3.2012 1:23:20 Removed Unknown TCP 192.168.178.25:1157 209.87.211.146:443
23.3.2012 1:35:20 Removed AvastSvc.exe TCP 192.168.178.25:1153 195.39.12.52:80
23.3.2012 1:38:00 Added AvastSvc.exe TCP 192.168.178.25:1175 195.39.12.52:80
23.3.2012 1:58:10 Removed AvastSvc.exe TCP 192.168.178.25:1175 195.39.12.52:80

If Internet Explorer is used, there is a lot of unknown traffic.

Is that unknown traffic something to worry about, or is it normal?
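Added example, not part of the original post: a small Python script that pairs the Added/Removed lines of a CurrPorts log in the format shown above, totals connection time per process and remote endpoint, and lists endpoints with no owning process name. The sample lines are copied from the excerpt above; the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: lines copied from the log excerpt in the post above.
SAMPLE = """\
23.3.2012 1:06:30 Added AvastSvc.exe TCP 192.168.178.25:1129 62.109.145.92:80
23.3.2012 1:06:50 Removed AvastSvc.exe TCP 192.168.178.25:1129 62.109.145.92:80
23.3.2012 1:11:00 Added svchost.exe UDP 192.168.178.25:68 :
23.3.2012 1:11:10 Removed svchost.exe UDP 192.168.178.25:68 :
23.3.2012 1:15:10 Added AvastSvc.exe TCP 192.168.178.25:1153 195.39.12.52:80
23.3.2012 1:22:50 Added Unknown TCP 192.168.178.25:1157 209.87.211.146:443
23.3.2012 1:23:20 Removed Unknown TCP 192.168.178.25:1157 209.87.211.146:443
23.3.2012 1:35:20 Removed AvastSvc.exe TCP 192.168.178.25:1153 195.39.12.52:80
"""

LINE = re.compile(
    r"^(?P<ts>\d{1,2}\.\d{1,2}\.\d{4} \d{1,2}:\d{2}:\d{2}) "
    r"(?P<action>Added|Removed) (?P<proc>.+?) (?P<proto>TCP|UDP) "
    r"(?P<local>\S+) (?P<remote>\S+)$"
)

def summarize(log_text):
    """Pair Added/Removed events; total time per (process, protocol, remote)."""
    open_conns = {}                      # (proc, proto, local, remote) -> start
    stats = defaultdict(lambda: {"count": 0, "seconds": 0})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                     # skip blank or unrecognised lines
        ts = datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S")
        key = (m["proc"], m["proto"], m["local"], m["remote"])
        if m["action"] == "Added":
            open_conns[key] = ts
        elif key in open_conns:          # Removed with a matching Added
            entry = stats[(m["proc"], m["proto"], m["remote"])]
            entry["count"] += 1
            entry["seconds"] += int((ts - open_conns.pop(key)).total_seconds())
    return dict(stats)

def unattributed(stats):
    """Remote endpoints whose owning process CurrPorts could not name."""
    return sorted(remote for (proc, _, remote) in stats if proc == "Unknown")

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for (proc, proto, remote), s in sorted(result.items()):
        print(f"{proc:12} {proto} {remote:22} x{s['count']} {s['seconds']}s")
    print("No owning process:", unattributed(result))
```
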

Hi mpiso,

Follow instructions mentioned here: http://forum.avast.com/index.php?topic=53253.0
A qualified remover will come to analyze the logs and assist you,

polonus

The interesting fact is that the unknown process is going to a ZoneAlarm IP address. You would have thought that it could recognise its own processes/connections.

I hope I understood the instructions correctly. Here are a couple for the first scan.

And the third. Appeared to be some confusion.

In all honesty, if the only symptoms you have are these unknown entries to check point software (a.k.a. Zone Alarm) then I don’t think there is anything to be concerned with. But I will allow a qualified malware removal specialist to decide that, based on your logs so far.

ZA has this file (garnered from your OTL log), C:\Program Files\CheckPoint\ZAForceField\ForceField.exe and that is a web browser toolbar that is supposed to protect against phishing, etc. This would almost certainly require access to the check point/zone alarm servers to carry out this task.

That said, the avast web shield and network shield should protect you against this anyway.

The computer has something wrong, it’s really slow, especially on startup.

I just noticed that when I use the (program CurrPorts) “Use DNS cache for host names”. There will be some of the programs, to the Remote Host Name: “spybot.com.es” which is prohibited in the list (Figure).

Excerpt from the list: Do not open the links!

127.0.0.1 server358.–net—
127.0.0.1 softparade.freelandmedia.–com—
127.0.0.1 spybot.com.–es—

Do not open the links! I added the lines, just in case.