Rising Kaka Security Forum (瑞星卡卡安全论坛), Technical Exchange, Anti-virus / Anti-malware board

Rising keeps reporting that \??\c:\windows\system32\winlogon.exe wants to connect; log posted, please help

My computer recently started making a flood of connections out of nowhere. The Rising firewall keeps reporting that winlogon.exe wants to connect to some web page, and the file path is strange too: it is always \??\c:\windows\system32\winlogon.exe. Even when I choose to allow it, the connection is still refused, and before long the prompt comes back again. It is a real hassle.

Could somebody please help me and tell me how to fix this?
Last edited 2005-09-22 12:45:56
Isn't there a tool that can just kill it directly? I'm a complete newbie and don't know how to do this. I searched and found a lot of winlogon.exe files. Some of them can be deleted, but one cannot. If it is a trojan, can anyone recommend a good tool for it?

What? No way. The ones I deleted were all in that download folder, not on the system drive. Were they not supposed to be deleted?

Three of them are from 2004 and one from 2002. The ones I deleted were the 2004 ones.

I just scanned with Kingsoft (金山) and it found nothing. I'm about to lose my mind.

HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 15:17:56, on 2005-9-18
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
o:\瑞星\rfw\rfwsrv.exe
E:\WINDOWS\Explorer.EXE
o:\瑞星\rfw\RfwMain.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\LLJAgent\KXAgentS.exe
E:\WINDOWS\System32\nvsvc32.exe
O:\瑞星\RAV\CCENTER.EXE
O:\瑞星\RAV\Ravmond.exe
O:\瑞星\RAV\RavStub.exe
E:\WinPoET Broadband Connection\WrOS.EXE
E:\Program Files\wsearch\Search.exe
O:\瑞星\RAV\RAVTIMER.EXE
O:\瑞星\RAV\RAVMON.EXE
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Internet Explorer\iexplore.exe
O:\聊天软件\qq\QQ.exe
O:\聊天软件\qq\TIMPlatform.exe
O:\聊天软件\qq\QQ.exe
O:\新建文件夹\realplay.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
O:\瑞星\RAV\Rav.exe
O:\瑞星\RAV\RsAgent.exe
E:\WINDOWS\msagent\AgentSvr.exe
E:\WINDOWS\System32\svchost.exe
O:\新建文件夹 (2)\Thunder.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\xbn\LOCALS~1\Temp\Rar$EX00.896\HijackThis.exe

R3 - URLSearchHook: MyURLSearchHook Class - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - E:\PROGRA~1\P4P\ToolBar.dll (file missing)
O1 - Hosts: 70.84.177.197 onlineaccounts2.abbeynational.co.uk
O1 - Hosts: 70.84.177.197 www3.aibgbonline.co.uk
O1 - Hosts: 70.84.177.197 www.bank.alliance-leicester.co.uk
O1 - Hosts: 70.84.177.197 login.iblogin.com
O1 - Hosts: 70.84.177.197 ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 70.84.177.197 inet.barclays.co.uk
O1 - Hosts: 70.84.177.197 iibank.barclays.co.uk
O1 - Hosts: 70.84.177.197 iibank.cahoot.com
O1 - Hosts: 70.84.177.197 www3.coventrybuildingsociety.co.uk
O1 - Hosts: 70.84.177.197 ww.hsbc.co.uk
O1 - Hosts: 70.84.177.197 login.ebank.offshore.hsbc.co.je
O1 - Hosts: 70.84.177.197 ww3.online-offshore.lloydstsb.com
O1 - Hosts: 70.84.177.197 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 70.84.177.197 ww3.online.lloydstsb.co.uk
O1 - Hosts: 70.84.177.197 ww3.online.lloydstsb.co.uk
O1 - Hosts: 70.84.177.197 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 70.84.177.197 ob2.nationet.com
O1 - Hosts: 70.84.177.197 ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: 70.84.177.197 ww1.nwolb.com
O1 - Hosts: 70.84.177.197 ww1.onlinebanking.iombank.com
O1 - Hosts: 70.84.177.197 ww1.www.rbsdigital.com
O1 - Hosts: 70.84.177.197 welcome.smile.co.uk
O1 - Hosts: 70.84.177.197 login.365online.com
O1 - Hosts: 70.84.177.197 wvw.citizensbankonline.com
O1 - Hosts: 70.84.177.197 esecure.regionsnet.com
O1 - Hosts: 70.84.177.197 rollb.associatedbank.com
O1 - Hosts: 70.84.177.197 upb.unionplanters.com
O1 - Hosts: 70.84.177.197 www.onlinebanking.huntington.com
O1 - Hosts: 70.84.177.197 inet.southtrustonlinebanking.com
O1 - Hosts: 70.84.177.197 logon.personal.wamu.com
O1 - Hosts: 70.84.177.197 login.compassweb.com
O1 - Hosts: 70.84.177.197 logon.firstmeritib.com
O1 - Hosts: 70.84.177.197 login.ccfcuonline.org
O1 - Hosts: 70.84.177.197 ww3.etimebanker.bankofthewest.com
O1 - Hosts: 70.84.177.197 ww2.onlinebanking.lasallebank.com
O1 - Hosts: 70.84.177.197 wvw.totallyfreebanking.com
O1 - Hosts: 70.84.177.197 www.online.wellsfargo.com
O1 - Hosts: 70.84.177.197 www.onlinebanking.bankofoklahoma.com
O1 - Hosts: 70.84.177.197 accounts4.keybank.com
O1 - Hosts: 70.84.177.197 logon.bankone.com
O1 - Hosts: 70.84.177.197 www.secure.tdbanknorth.com
O1 - Hosts: 70.84.177.197 www.secure.mvnt4.com
O1 - Hosts: 70.84.177.197 ww.mynfbonline.com
O1 - Hosts: 70.84.177.197 login.forumcuonline.com
O1 - Hosts: 70.84.177.197 www.eds.usersonlnet.com
O1 - Hosts: 70.84.177.197 www.onlineid.bankofamerica.com
O1 - Hosts: 70.84.177.197 wvw.e-gold.com
O1 - Hosts: 70.84.177.197 pcbs.peoples.com
O1 - Hosts: 70.84.177.197 www.global1.onlinebank.com
O1 - Hosts: 70.84.177.197 ww2.mybranch.lafcu.com
O1 - Hosts: 70.84.177.197 login.webbanking.comerica.com
O1 - Hosts: 70.84.177.197 web.banking.firsttennessee.com
O1 - Hosts: 70.84.177.197 logon.members1st.org
O1 - Hosts: 70.84.177.197 www.cib.ibanking-services.com
O1 - Hosts: 70.84.177.197 www.miwebbusbank.ebanking-services.com
O1 - Hosts: 70.84.177.197 wvw.paypal.com
O1 - Hosts: 70.84.177.197 www.signin.ebay.com
O1 - Hosts: 70.84.177.197 wvw.etrade.com
O1 - Hosts: 70.84.177.197 ww4.fleethomelink.fleet.com
O1 - Hosts: 70.84.177.197 ww3.connect.skyfi.com
O1 - Hosts: 70.84.177.197 www6.usbank.com
O1 - Hosts: 70.84.177.197 www.bvi.bancodevalencia.es
O1 - Hosts: 70.84.177.197 extrant.banesto.es
O1 - Hosts: 70.84.177.197 banesnt.banesto.es
O1 - Hosts: 70.84.177.197 activia.caixagalicia.es
O1 - Hosts: 70.84.177.197 www.bancae.caixapenedes.com
O1 - Hosts: 70.84.177.197 login.caixasabadell.net
O1 - Hosts: 70.84.177.197 oii.cajamadrid.es
O1 - Hosts: 70.84.177.197 login.cajamar.es
O1 - Hosts: 70.84.177.197 login.ccm.es
O1 - Hosts: 70.84.177.197 ww.unicaja.es
O1 - Hosts: 70.84.177.197 www5.bancopopular.es
O1 - Hosts: 70.84.177.197 ww3.bbvanet.com
O1 - Hosts: 70.84.177.197 ww.bayernlb.de
O1 - Hosts: 70.84.177.197 ww2.berliner-volksbank.de
O1 - Hosts: 70.84.177.197 ww7.homebanking-berlin.de
O1 - Hosts: 70.84.177.197 portal09.commerzbanking.de
O1 - Hosts: 70.84.177.197 www.meine.deutsche-bank.de
O1 - Hosts: 70.84.177.197 ww2.dresdner-privat.de
O1 - Hosts: 70.84.177.197 ww.e-banking.helaba.de
O1 - Hosts: 70.84.177.197 ww.hsh-nordbank.de
O1 - Hosts: 70.84.177.197 www.my.hypovereinsbank.de
O1 - Hosts: 70.84.177.197 ww3.homebanking-berlin.de
O1 - Hosts: 70.84.177.197 ww3.homebanking-berlin.de
O1 - Hosts: 70.84.177.197 www.banking.lbbw.de
O1 - Hosts: 70.84.177.197 lrp.sparkasse-banking.de
O1 - Hosts: 70.84.177.197 ww3.homebanking-niedersachsen.de
O1 - Hosts: 70.84.177.197 www.onlinebanking.norisbank.de
O1 - Hosts: 70.84.177.197 www.banking.postbank.de
O1 - Hosts: 70.84.177.197 wvw.internetbanking.gad.de
O1 - Hosts: 70.84.177.197 ww1.portal.izb.de
O1 - Hosts: 70.84.177.197 wvw.kunden-service.lbs.de
O1 - Hosts: 70.84.177.197 ibanking.seb.de
O1 - Hosts: 70.84.177.197 bw7.sparkasse-banking.de
O1 - Hosts: 70.84.177.197 ww2.homebanking-sparkasse.de
O1 - Hosts: 70.84.177.197 ww2.vr-networld-ebanking.de
O1 - Hosts: 70.84.177.197 ww.bics.fr
O1 - Hosts: 70.84.177.197 www.co.caixabank.fr
O1 - Hosts: 70.84.177.197 ww.creditmutuel.fr
O1 - Hosts: 70.84.177.197 internetbank.intesabci.it
O1 - Hosts: 70.84.177.197 ww.extensive.bancalombarda.it
O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55} - E:\WINDOWS\System32\xunleibho_v4.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\New Folder\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - E:\Program Files\P4P\SoDAIE.dll (file missing)
O2 - BHO: (no name) - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - (no file)
O2 - BHO: (no name) - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} - C:\Program Files\LtUcx\1002\c0.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - E:\PROGRA~1\3721\Assist\asbar.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - E:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: (no name) - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O2 - BHO: (no name) - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - E:\PROGRA~1\yisou\yisoub.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll
O3 - Toolbar: ????? - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - E:\Program Files\yisou\yisou.dll
O3 - Toolbar: ????? - {BB936323-19FA-4521-BA29-ECA6A121BC78} - E:\PROGRA~1\3721\Assist\asbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ????? - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - Toolbar: ????? - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - E:\PROGRA~1\P4P\ToolBar.dll (file missing)
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe E:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [RfwMain] "O:\
O4 - HKLM\..\Run: [helper.dll] ; E:\WINDOWS\system32\rundll32.exe E:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [迅雷4] O:\
O4 - HKLM\..\Run: [KernelFaultCheck] ; %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [YDTMain.exe] ; E:\PROGRA~1\YDT\YDTMain.exe
O4 - HKLM\..\Run: [BCUpdate] ; E:\WINDOWS\System32\BCUP.exe
O4 - HKLM\..\Run: [ADShow] ; E:\WINDOWS\System32\bcsysnote.ex?
O4 - HKLM\..\Run: [e-Border Credential] ; E:\Program Files\Permeo\e-Border Driver\s5credmgr.exe
O4 - HKLM\..\Run: [DAEMON Tools-2052] ; "E:\Program Files\D-Tools\daemon.exe"  -lang 2052
O4 - HKLM\..\Run: [MoveSearch] E:\Program Files\wsearch\Search.exe
O4 - HKLM\..\Run: [RavTimer] O:\
O4 - HKLM\..\Run: [RavMon] O:\
O4 - HKLM\..\Run: [gg91h] ; E:\WINDOWS\system32\gg91h.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ; "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Super Rabbit CDNotify] ; O:\
O4 - HKCU\..\Run: [CursorXP] ; "O:\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [RegBar] regsvr32.exe /u E:\progra~1\blogmark\bocaitoolbar.dll /s /i /n
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &使用迅雷下载 - O:\
O8 - Extra context menu item: &使用迅雷下载全部链接 - O:\
O8 - Extra context menu item: 使用Kugoo下载 - O:\KuGoo\KugooDownX.htm
O8 - Extra context menu item: 使用搜狗直通车下载 - E:\PROGRA~1\P4P\dl.htm
O8 - Extra context menu item: 使用网际快车下载 - O:\
O8 - Extra context menu item: 使用网际快车下载全部链接 - O:\
O8 - Extra context menu item: 易趣购物 - E:\Program Files\AD4All\link1\ebaylink.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - O:\
O8 - Extra context menu item: 添加到QQ表情 - O:\
O8 - Extra context menu item: 用QQ彩信发送该图片 - O:\
O9 - Extra button: SoQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: QQ (HKLM)
O10 - Unknown file in Winsock LSP: e:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: e:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: e:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: e:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: e:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: e:\program files\permeo\e-border driver\s5spi.dll
O11 - Options group: [!CNS] 
O11 - Options group: [TBH] QQ
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} (BlueskyVideo Control) - http://www.bluesky.cn/download/v2_60.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://61.152.160.50:1995/talk.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} (Blueskyvoice Control) - http://www.bluesky.cn/download/blueskyvoice_60.cab
O16 - DPF: {A162E671-4A6F-4BC0-A598-ED17DFFBDDD7} (VqqSpeedCtrl Class) - http://61.152.100.15/DownloadFiles/vqqspeeddl.cab
O16 - DPF: {BA0F088C-72C1-475A-92F8-42391DEF6961} (Blueskyvoice Control) - http://www.bliao.com/download/blueskyvoice_27.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl.cab

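The O1 lines in the log above map dozens of bank and payment login hostnames to the single address 70.84.177.197, which is the hosts-file redirection pattern a defender should check for first in a HijackThis log. The following is an added example, not code from the original thread or from HijackThis: it parses O1 lines in HijackThis format, groups them by target IP, flags any public (non-loopback, non-private) IP that several distinct hostnames resolve to, and separately lists hostnames with look-alike prefixes such as wvw. and ww. that appear in the log. The sample input is constructed from a few lines in the same shape as the log plus two benign entries; the `min_hosts` threshold and the prefix list are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample input: O1 lines in the shape HijackThis emits (a few
# taken from the log above) plus two benign hosts entries and one non-O1 line.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.10 printer.corp.example
O1 - Hosts: 70.84.177.197 www.online.wellsfargo.com
O1 - Hosts: 70.84.177.197 www.onlineid.bankofamerica.com
O1 - Hosts: 70.84.177.197 wvw.paypal.com
O1 - Hosts: 70.84.177.197 www.signin.ebay.com
O1 - Hosts: 70.84.177.197 ww3.online.lloydstsb.co.uk
O1 - Hosts: 70.84.177.197 www.meine.deutsche-bank.de
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\\placeholder.dll
"""

# An O1 line is "O1 - Hosts: <ip> <hostname>"; other sections are ignored.
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Assumed heuristic: prefixes that imitate "www." and would fool a quick glance.
LOOKALIKE_RE = re.compile(r"^(wvw|ww|vvv|wwvv)\.")


def parse_o1(log_text):
    """Return a list of (ip, hostname) pairs from the O1 lines of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).lower()))
    return entries


def group_by_ip(entries):
    """Map each target IP to the set of hostnames the hosts file points at it."""
    groups = defaultdict(set)
    for ip, host in entries:
        groups[ip].add(host)
    return groups


def is_local(ip):
    """True for loopback, RFC 1918 and link-local addresses, which are normal in a hosts file."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False  # not an IP literal at all; treat as non-local so it gets reviewed
    return addr.is_loopback or addr.is_private or addr.is_link_local


def find_pharming(log_text, min_hosts=3):
    """Flag public IPs that at least `min_hosts` distinct hostnames are redirected to.

    A legitimate hosts file rarely sends many unrelated sites to one public
    address; a banking trojan's pharming hosts file does exactly that.
    """
    findings = []
    for ip, hosts in group_by_ip(parse_o1(log_text)).items():
        if is_local(ip) or len(hosts) < min_hosts:
            continue
        findings.append({"ip": ip, "count": len(hosts), "hosts": sorted(hosts)})
    return sorted(findings, key=lambda f: -f["count"])


def lookalike_hosts(entries):
    """Hostnames whose leading label imitates 'www.' (assumed heuristic)."""
    return sorted({host for _, host in entries if LOOKALIKE_RE.match(host)})


if __name__ == "__main__":
    for finding in find_pharming(SAMPLE_LOG):
        print(f"{finding['ip']}: {finding['count']} hostnames redirected")
        for host in finding["hosts"]:
            print("   ", host)
    print("look-alike hostnames:", lookalike_hosts(parse_o1(SAMPLE_LOG)))
```

Run against the full log from this thread, the same grouping would report 70.84.177.197 with roughly a hundred redirected hostnames; the remediation on the defender's side is to restore a clean hosts file and treat the machine as compromised until the process that wrote those entries has been identified and removed.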
I finally managed to get it posted. Please take a look. Thank you.

Experts, please help...... I've posted the log. Please help me...

Please take a look.... Why is nobody here anymore...

Powered by Discuz!NT