After visiting "TheEconomist" web site, I begun to get dozen of messages by ZASS about Winlogon.exe trying to perform outgoing connections to different IPs belonging to severall Doubleclick sites in UK. I identified the sites and put them in the blocked zone of the firewall and stopped the connections themselves; but the thing keeps trying the connections using Winlogon.exe.
As far as I know, the purpose of Winlogon.exe is not that of being a channel of others for outgoing connections. My system seems to be clean, I even run a rootkit finder. No significant alert from the ZASS OSFirewall nor ProcessGuard (wich I keep running togheter without apparent conflict at all and are supposed to be blocking any suspicious interference with the kernel and main processes). In other words, no Dll injections, rootkits or similar nasty things in my system.
I keep clean the registry with RegCure and no suspicious thing in it.
What could be going on?
Operating System:Windows XP Pro x64
Product Name:ZoneAlarm Internet Security Suite