我的防火墙显示，IE窗口自动连接三个IP地址，经查，属江苏的IP，没任何操作，肯定是有问题，但不知问题出在哪，求高手帮助！

16:24:51 2005-11-28 Windows Explorer (C:\WINDOWS\explorer.exe) 建立 TCP 连接 221.231.132.78 : HTTP (80) localhost : 3361 已拦截
16:21:51 2005-11-28 Windows Explorer (C:\WINDOWS\explorer.exe) 建立 TCP 连接 221.231.132.78 : HTTP (80) localhost : 3338 已拦截
16:18:51 2005-11-28 Windows Explorer (C:\WINDOWS\explorer.exe) 建立 TCP 连接 221.231.132.78 : HTTP (80) localhost : 3336 已拦截
16:15:51 2005-11-28 Windows Explorer (C:\WINDOWS\explorer.exe) 建立 TCP 连接 221.231.132.78 : HTTP (80) localhost : 3240 已拦截
16:12:50 2005-11-28 Windows Explorer (C:\WINDOWS\explorer.exe) 建立 TCP 连接 221.231.132.78 : HTTP (80) localhost : 3227 已拦截
16:09:50 2005-11-28 Windows Explorer (C:\WINDOWS\explorer.exe) 建立 TCP 连接 221.231.132.78 : HTTP (80) localhost : 3181 已拦截
16:06:50 2005-11-28 Windows Explorer (C:\WINDOWS\explorer.exe) 建立 TCP 连接 221.231.132.78 : HTTP (80) localhost : 3180 已拦截
16:03:50 2005-11-28 Windows Explorer (C:\WINDOWS\explorer.exe) 建立 TCP 连接 221.231.132.78 : HTTP (80) localhost : 3159 已拦截
15:57:33 2005-11-28 Windows Explorer (C:\WINDOWS\explorer.exe) 建立 TCP 连接 221.231.132.78 : HTTP (80) localhost : 3153 已拦截


同样的还很多

扫描日志如下：

HijackThis_815汉化版扫描日志 V1.99.1
保存于 16:38:54, 日期 2005-11-28
操作系统： Windows XP SP2 (WinNT 5.01.2600)
浏览器： Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Tencent\RTX\rtxc.exe
C:\DOCUME~1\deng\LOCALS~1\Temp\remotesetup.exe
C:\WINDOWS\system32\conime.exe
c:\program files\rising\rav\RAVMON.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
F:\Program Files\qq\QQ.exe
F:\Program Files\qq\TIMPlatform.exe
c:\program files\rising\rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
F:\fxj\hypfxj.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\deng\LOCALS~1\Temp\Rar$EX00.263\HijackThis1991zww.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ACA Capture - {93C69D87-A11D-4FFC-BC56-BE7EE0D235BA} - C:\Program Files\SuperCapturePro431\scap003p.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - IE工具栏增项: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [S3TRAY2] S3Tray2.exe
O4 - 启动项HKLM\\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - 启动项HKLM\\Run: [TpShocks] TpShocks.exe
O4 - 启动项HKLM\\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - 启动项HKLM\\Run: [TP4EX] tp4ex.exe
O4 - 启动项HKLM\\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - 启动项HKLM\\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - 启动项HKLM\\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - 启动项HKLM\\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [ATIModeChange] Ati2mdxx.exe
O4 - 启动项HKLM\\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [QCWLIcon] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - 启动项HKLM\\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegBar] regsvr32.exe /u C:\progra~1\blogmark\bocaitoolbar.dll /s /i /n
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = F:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe

O8 - IE右键菜单中的新增项目: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - c:\Program Files\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O9 - 浏览器额外的按钮: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - 浏览器额外的按钮: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - C:\Program Files\sina\UC\UC.exe
O9 - 浏览器额外的按钮: 启动超级屏捕专业版 - {905A31AA-BDD1-44bd-9920-53D34E5953A4} - C:\Program Files\SuperCapturePro431\SCapPro.exe
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - 浏览器额外的按钮: 网上购物 - {EE60714F-AC27-427e-861A-FD60CBDF119A} - http://www.imhero.com/popup/url.aspx?id=1 (file missing)
O9 - 浏览器额外的“工具”菜单项: 网上购物 - {EE60714F-AC27-427e-861A-FD60CBDF119A} - http://www.imhero.com/popup/url.aspx?id=1 (file missing)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [!CNS] 上网助手-地址栏搜索
O16 - DPF: {0A8F723A-6075-11D5-914D-0050BAE45AF2} (ExFileToRs.FileToRs) - http://oaserver/exoa2000/cabs/exFileToRs.cab
O16 - DPF: {0B172CE4-CD86-11D3-B5C8-006008C44280} (ExRegClient.Registry) - http://oaserver/exoa/Cabs/ExRegClient.CAB
O16 - DPF: {0C3F0325-4B6A-47CC-9B3E-1A7A38C238FC} (exBody.UCOffice) - http://oaserver/exoa/cabs/Exbody.CAB
O16 - DPF: {227215F6-BE50-473A-8387-8517410C80CC} (ExWshell.Exwscript) - http://oaserver/exoa/Schema/xmlobject/Exwscript.CAB
O16 - DPF: {31A1CB88-08EE-47A5-B585-06B3299775A4} (DataTitle Control) - http://oaserver/exoa/cabs/ExDataTitle.CAB
O16 - DPF: {345676E7-6139-11D5-914F-0050BAE45AF2} (exADO.ado) - http://oaserver/exoa2000/cabs/exADO.CAB
O16 - DPF: {3DE7BCC0-533C-4042-9801-21AC47BF45BB} (DataForm Control) - http://oaserver/exoa2000/cabs/ExDataForm.CAB
O16 - DPF: {4D30B94E-6B68-11D5-B55A-00104B987AF8} (ExGetObject.GetObject) - http://oaserver/exoa2000/cabs/ExGetObject.CAB
O16 - DPF: {54BA80C4-1B0A-11D4-A5A1-00105A776069} (exFileToMessage.FileToMessage) - http://oaserver/exoa2000/cabs/exFileToMessage.CAB
O16 - DPF: {5837011D-9655-4556-860C-3C9DC96C62FE} (ExComCtl2.ExDTPicker) - http://oaserver/exoa2000/cabs/ExComctl2.CAB
O16 - DPF: {5B8E46A7-9044-429C-8455-02643AC25810} (ExSelActReci Control) - http://oaserver/exoa2000/cabs/ExSelActReci2.CAB
O16 - DPF: {71D2A2DE-6C35-11D5-916E-0050BAE45AF2} (ExMapCtrl.exMap) - http://oaserver/exoa2000/cabs/exMapOCX2.CAB
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {9627708A-2313-42B2-A97D-255ABFEF774E} (Exwprint.wprint) - http://oaserver/exoa2000/cabs/Exwprint.CAB
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} (Blueskyvoice Control) - http://www.bliao.com/download/blueskyvoice.cab
O16 - DPF: {9C08B36C-1339-11D4-A595-00105A776069} (exSoftVersion.SoftVersion) - http://oaserver/exoa/Cabs/exSoftVersion.CAB
O16 - DPF: {9CBAD569-826C-11D2-9073-0020AF05A5B1} (proList.exList) - http://oaserver/exoa2000/cabs/proSelectObject.CAB
O16 - DPF: {9CBAD573-826C-11D2-9073-0020AF05A5B1} (proDocument.exDocument) - http://oaserver/exoa/cabs/prodocument.cab
O16 - DPF: {D2E3290B-9D6E-11D2-8D50-0020AF05A5B2} (ExDoc.ExEditor) - http://oaserver/exoa2000/cabs/exDoc.cab
O16 - DPF: {D508D69F-1A9E-4D01-8CDB-CFFC7AFAE7BF} (Help Control) - http://oaserver/exoa2000/cabs/exdatahelp.cab
O16 - DPF: {D88F3328-0321-11D6-9C64-00105A776064} (exSystem.clsSystem) - http://oaserver/exoa2000/cabs/ExSystem.CAB
O16 - DPF: {D9AD3E92-B4F1-4174-BFCD-CB5699499004} (ExVinAct Control) - http://oaserver/exoa2000/cabs/ExVinAct.CAB
O16 - DPF: {FDC65D71-83A0-11D2-9075-0020AF05A5B1} (exFileAccess.ExFileSys) - http://oaserver/exoa2000/cabs/exfileaccess.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25A36C86-7717-42A6-9FD4-C4AF5E73E47D}: NameServer = 202.96.128.143,10.227.14.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B805E07-057A-45CB-A27A-228FF3C9233E}: NameServer = 202.96.128.68,10.227.14.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{25A36C86-7717-42A6-9FD4-C4AF5E73E47D}: NameServer = 202.96.128.143,10.227.14.1
O18 - 列举现有的协议: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O23 - NT 服务: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: EnvSec - Unknown owner - C:\WINDOWS\System32\envsec.exe
O23 - NT 服务: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - NT 服务: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - NT 服务: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - NT 服务: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - NT 服务: Sybase HISServer_A8_HS (SYBHIS_A8_HS) - Unknown owner - C:\Sybase\bin\histsrvr.exe
O23 - NT 服务: SymPxSvc - Unknown owner - (no file)
O23 - NT 服务: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe