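A HijackThis scan found an F2 entry:
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\cgancal.exe
UserInit contains cgancal.exe, which I have never seen before.
In safe mode the entry reads:
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\difd.exe
In safe mode I tried changing the registry value to UserInit=C:\WINDOWS\System32\userinit.exe, but after the change it automatically reverted. I tried deleting the two files, but they were automatically regenerated.
What are these two files? Are they harmful?
The scan log follows: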
Logfile of HijackThis v1.99.1
Scan saved at 19:41:17, on 2006-7-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\SkyNet\FireWall\PFW.exe
C:\WINDOWS\System32\ctfmon.exe
E:\security\HijackThis.exe
E:\Program Files\GreenBrowser\GreenBrowser.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\cgancal.exe
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v13.dll
O2 - BHO: IEHlprObj Class - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - C:\Progra~1\NetMeeting\nmview.dll
O4 - HKLM\..\Run: [SKYNET Personal FireWall] E:\Program Files\SkyNet\FireWall\PFW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &使用迅雷下载 - e:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - e:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 导出当前页到超星阅览器(&A) - E:\SSREADER36\ss_all.htm
O8 - Extra context menu item: 导出选中部分到超星阅览器(&S) - E:\SSREADER36\ss_select.htm
O8 - Extra context menu item: 添加到广告杀手 - E:\Program Files\TweakAssist\AdKiller.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: kavsvc - Kaspersky Lab - E:\Program Files\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - E:\Program Files\KAV\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - E:\Program Files\KAV\KWatch.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe