求救!启动时,显示完滚动滚动条后和“欢迎使用”前,会出现下图界面并停留五分钟,不知何病毒,另外,因为瑞星防火墙是在欢迎使用页面加载,所以问题在瑞星加载之前,望各位高手帮忙,感激不尽!
图片所示会停留5分钟之久
有位大哥说是硬件问题,我想不会吧,这是前几天突然就这样了,电脑是ibm t42笔记本,除了开机要等的久之外,没有其他问题,个人认为是恶意代码给改了,望各位高手帮忙找出原因,至少告诉我,在开机图片所示环节上是由什么控制的,注册表么?具体是哪像呢?不胜感激!!!!!
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<PcSync><; D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog> [N/A]
<ravtask><C:\Progra~1\Eset\rund1132.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<AGRSMMSG><AGRSMMSG.exe> [(Verified)Agere Systems]
<ATIModeChange><; Ati2mdxx.exe> [(Verified)ATI Technologies, Inc.]
<ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<TP4EX><tp4ex.exe> [IBM Corporation]
<UpdateManager><; "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r> [Sonic Solutions]
<BMMLREF><C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE> [N/A]
<BMMMONWND><rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor> [N/A]
<EZEJMNAP><C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe> [IBM Corp.]
<TPHOTKEY><C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe> [N/A]
<TpShocks><TpShocks.exe> [IBM Corp.]
<TrackPointSrv><; tp4serv.exe> [IBM Corporation]
<SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [(Verified)Synaptics, Inc.]
<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Synaptics, Inc.]
<DAEMON Tools-1033><"D:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[IBM PM Service / IBMPMSVC][Running/Auto Start]
<C:\WINDOWS\System32\ibmpmsvc.exe><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Mysee2_Runtime / Mysee2_Runtime][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k mysee2-->d:\Program Files\CanJianTV\runtime.dll><北京高维视讯科技有限公司>
[RegSrvc / RegSrvc][Running/Auto Start]
<C:\WINDOWS\System32\RegSrvc.exe><Intel Corporation>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Spectrum24 Event Monitor / S24EventMonitor][Running/Auto Start]
<C:\WINDOWS\System32\S24EvMon.exe><Intel Corporation>
