HijackThis_zww汉化版扫描日志 V1.99.1
保存于      9:19:42, 日期 2006-7-19
操作系统：  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\PROGRAM FILES\RISING\RAV\RavAgent.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\PROGRAM FILES\RISING\RAV\RavAlert.exe
C:\Program Files\Rising\Rav\RavService.exe
C:\PROGRAM FILES\RISING\RAV\RavUpdate.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Rising\Rav\RNReport.exe
C:\WINNT\system32\MSTask.exe
C:\compaq\survey\Surveyor.EXE
C:\WINNT\system32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\CpqRcmc.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\system32\sysdown.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\conime.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\cpqteam.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Rising\Rav\RavControl.exe
E:\反浏览器劫持工具\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O4 - 启动项HKLM\\Run: CPQTEAM cpqteam.exe
O4 - 启动项HKLM\\Run: RavTask "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKCU\\Run: internat.exe internat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\Administrator\WINDOWS\web\related.htm (file missing)
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\Administrator\WINDOWS\web\related.htm (file missing)
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\rnr20.dll' missing
O15 - 添加的受信任的 IP 地址范围: http://192.168.1.5
O16 - DPF: {12FCCF9A-24C5-4556-AD8B-ACFAE87E7C4A} (WebFun Control) - /icons/icons/WBody.cab
O16 - DPF: {21DF962B-D2EF-4BE5-8753-53311F3DFF23} (WebScan Control) - /icons/icons/WebScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133944905843
O16 - DPF: {80602244-4662-46AC-A1FA-4DE9328C5023} (iSignatureSetup Control) - /icons/icons/iSignature.cab
O16 - DPF: {CAA96807-4A02-43E5-8D12-65570621FAC6} (IWFC Control) - http://222.76.210.141/icons/icons/iWFC.cab
O16 - DPF: {DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81} (KATScan Control) - http://211.152.52.102/duba/antitrojan/update/OCX/KATScan.CAB
O16 - DPF: {E86CD9A0-00A5-42BB-A872-B3572129C0C8} (WebInstall Control) - /icons/icons/WebInstall.ocx
O16 - DPF: {F75241BE-34FC-4EFA-A049-65BC895947C8} (UpLoad Control) - /icons/icons/Upload.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8784E0A-88E1-4C61-920B-C6EE46DDD71E}: NameServer = 211.91.120.129,172.168.1.2

O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: Alerter - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Application Management (AppMgmt) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - NT 服务: Computer Browser (Browser) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: ClipBook (ClipSrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\clipsrv.exe (file missing)
O23 - NT 服务: Compaq Remote Monitor Service (CpqRcmc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\CpqRcmc.exe (file missing)
O23 - NT 服务: Distributed File Sys tem (Dfs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - NT 服务: DHCP Client (Dhcp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\dmadmin.exe (file missing)
O23 - NT 服务: Logical Disk Manager (dmserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: DNS Client (Dnscache) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Event Log (Eventlog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Fax Service (Fax) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\faxsvc.exe (file missing)
O23 - NT 服务: Server (lanmanserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Workstation (lanmanworkstation) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: License Logging Service (LicenseService) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\llssrv.exe (file missing)
O23 - NT 服务: TCP/IP NetBIOS Helper Service (LmHosts) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Messenger - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Network DDE (NetDDE) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\netdde.exe (file missing)
O23 - NT 服务: Network DDE DSDM (NetDDEdsdm) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\netdde.exe (file missing)
O23 - NT 服务: Net Logon (Netlogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - NT 服务: Network Connections (Netman) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: File Replication (NtFrs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\ntfrs.exe (file missing)
O23 - NT 服务: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - NT 服务: Removable Storage (NtmsSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: IPSEC Policy Agent (PolicyAgent) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - NT 服务: Protected Storage (ProtectedStorage) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - NT 服务: Remote Access Connection Manager (RasMan) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - NT 服务: Rav Net Agent (RavAgent) - 北京瑞星科技股份有限公司 - C:\PROGRAM FILES\RISING\RAV\RavAgent.exe
O23 - NT 服务: Rav Net Alert (RavAlert) - 瑞星科技股份发展有限公司 - C:\PROGRAM FILES\RISING\RAV\RavAlert.exe
O23 - NT 服务: RavService - Unknown owner - C:\Program Files\Rising\Rav\RavService.exe" /service (file missing)
O23 - NT 服务: RavUpdate - Unknown owner - C:\PROGRAM FILES\RISING\RAV\RavUpdate.exe" (file missing)
O23 - NT 服务 : Remote Registry Service (RemoteRegistry) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\regsvc.exe (file missing)
O23 - NT 服务: RNReport - 瑞星科技股份发展有限公司 - C:\Program Files\Rising\Rav\RNReport.exe
O23 - NT 服务: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\locator.exe (file missing)
O23 - NT 服务: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\Documents.exe (file missing)
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: QoS RSVP (RSVP) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\rsvp.exe (file missing)
O23 - NT 服务: Security Accounts Manager (SamSs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - NT 服务: Smart Card Helper (SCardDrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - NT 服务: Smart Card (SCardSvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - NT 服务: Task Scheduler (Schedule) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\MSTask.exe (file missing)
O23 - NT 服务: RunAs Service (seclogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: System Event Notification (SENS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - NT 服务: Internet Connection Sharing (SharedAccess) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - NT 服务: Print Spooler (Spooler) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\spoolsv.exe (file missing)
O23 - NT 服务: Surveyor - Hewlett-Packard Development Group, L.P. - C:\compaq\survey\Surveyor.EXE
O23 - NT 服务: HP ProLiant System Shutdown Service (sysdown) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\sysdown.exe (file missing)
O23 - NT 服务: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - NT 服务: Telephony (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: Terminal Services (TermService) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\termsrv.exe (file missing)
O23 - NT 服务: Terminal Services Licensing (TermServLicensing) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lserver.exe (file missing)
O23 - NT 服务: Telnet (TlntSvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\tlntsvr.exe (file missing)
O23 - NT 服务: Distributed Link Tracking Server (TrkSvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Uninterruptible Power Supply (UPS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\ups.exe (file missing)
O23 - NT 服务: Utility Manager (UtilMan) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\UtilMan.exe (file missing)
O23 - NT 服务: Windows Time (W32Time) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: Windows Management Instrumentation (WinMgmt) - Unknown owner - C:\Documents and Settings\Administra tor\W INDOWS\System32\WBEM\WinMgmt.exe (file missing)
O23 - NT 服务: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\Services.exe (file missing)
O23 - NT 服务: Automatic Updates (wuauserv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - NT 服务: Wireless Configuration (WZCSVC) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)

并没有看到落雪..

O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\rnr20.dll' missing
是否被劫持？

天呀。。。这服务项看得人头晕。。。。。好像有很多是被损坏的。

引用:

【YClong的贴子】O10 - Broken Internet access because of LSP provider ''c:\documents and settings\administrator\windows\system32\rnr20.dll'' missing 是否被劫持？ ...........................

已经丢失..

一把傀儡
为了更好的修复
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

丢失的服务也一大堆..

C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\lserver.exe
这两个文件不知是什么。。。。。。

请问无邪和mopery丢失的东西能修复吗？